US20030212886A1 - Encryption/decryption system and encryption/decryption method - Google Patents

Encryption/decryption system and encryption/decryption method

Info

Publication number
US20030212886A1
Authority
US
United States
Prior art keywords
encryption
data
decryption
header information
work key
Legal status
Abandoned
Application number
US10/431,615
Inventor
Atsuko Sugiura
Current Assignee
NEC Corp
Original Assignee
NEC Corp
Application filed by NEC Corp
Assigned to NEC CORPORATION reassignment NEC CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SUGIURA, ATSUKO

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Definitions

  • the present invention relates to an encryption/decryption system used for storing and reproducing digital data of, for example, music and videos.
  • the present invention also relates to a code decipherment prevention/falsification prevention system for rendering code decipherment difficult, and for rendering falsified data difficult to use.
  • a data encryption technique is used from the viewpoint of copyright protection.
  • Unexamined Japanese Patent Application KOKAI Publication No. H10-290222 discloses a technique for encrypting and sending digital data to a storage device, and for decrypting encrypted data read out from the storage,
  • its encryption algorithm may be revealed by analyzing a mass of the encrypted digital data. Once the encryption algorithm is known by an unauthorized third party, the encrypted data is easily decrypted by the third party.
  • an object of the present invention is to provide an encryption/decryption system and method, for rendering code decipherment difficult and rendering falsification difficult.
  • Another object of the present invention is to provide an encryption/decryption system and method which can prevent unauthorized copying/falsifying.
  • an encryption/decryption system for encrypting/decrypting digital data including header information and a data body, the system comprising:
  • an encryption work key generation unit which generates an encryption work key based on the header information of the digital data
  • an encryption unit which, as to the digital data, encrypts the data body, using the encryption work keys, and outputs the digital data;
  • a decryption work key generation unit which generates a decryption work key based on the header information of the digital data encrypted by the encryption unit;
  • a decryption unit which, as to the digital data encrypted by the encryption unit, decrypts the encrypted data body using the decryption work key, in order to reproduce the digital data including the decrypted data body and the corresponding header information.
  • the digital data may be data made up of a series of a plurality of data blocks each including header information and a data body, and the header information may be unique to each data block,
  • said encryption work key generation unit generates an encryption work key for each data block based on the header information of the data block;
  • said encryption unit encrypts the data body of each data block, using the encryption work key generated for the data block;
  • said decryption work key generation unit generates the decryption work key for each data block based on the header information of the encrypted data block;
  • said decryption unit decrypts the encrypted data body of each data block using the decryption work key for the data block.
  • the encryption work key generation unit may generate the encryption work key using all or a part of the header information extracted from the digital data and a master key, and the decryption work key generation unit may generate the decryption work key using all or the part of the header information extracted from the encrypted digital data and the master key.
  • the master key may be unique to each encryption/decryption system.
  • the encryption work key generation unit and the decryption work key generation unit may respectively generate the work keys by obtaining an exclusive or of the master key and the header information.
  • the digital data may be data made up of a series of data blocks each including header information and a data body
  • the system may further comprise a filter which receives the digital data, extracts data blocks of a specific program based on the header information, and outputs the extracted data blocks
  • the encryption work key generation unit may extract the header information of the data block extracted by the filter, and generate the encryption work key based on the extracted header information
  • the encryption block may encrypt the data block extracted by the filter.
  • the digital data may be data based on MPEG and made up of a series of transport packets each including header information and a payload
  • the system may further comprise a filter which receives the digital data, extracts transport packets of a specific program based on the header information, and outputs the extracted transport packets
  • the encryption work key generation unit may extract the header information of the transport packets extracted by the filter, and generate encryption work keys based on the extracted header information
  • the encryption unit may encrypt the transport packet extracted by the filter.
  • the header information may include PID header information containing information regarding a program number, and CC header information containing a cyclic count value which is changed in accordance with an order of transport packets to confirm continuation of transport packets, and the encryption work key generation unit may generate the encryption work keys based on at least the PID header information and the CC header information.
  • the encryption/decryption system may comprise an encryption range determination unit which designates a range of data that should be encrypted, and notifies the designated range to the encryption unit and the decryption unit.
  • the encryption/decryption system may comprise a range determination unit which designates a range used for generating the work keys, and notifies the designated range to the encryption work key generation unit and the decryption work key generation unit.
  • the encryption unit may output the header information of the digital data as it is, encrypt the data body using the encryption work key and output the encrypted data body, and thereby generate encrypted data including the original header information and the encrypted data body
  • the decryption unit may output the header information of the encrypted digital data as it is, decrypt the encrypted data body using the decryption work keys and output the decrypted data body, and thereby reproduce the original digital data.
  • an encryption system for encrypting digital data including header information and a data body, the system comprising:
  • an encryption work key generation unit which generates an encryption work key based on the header information of the digital data
  • an encryption unit which, as to the digital data, encrypts the data body using the encryption work key, and outputs the digital data.
  • the digital data may be data made up of a series of a plurality of data blocks each including header information and a data body, and the header information may be unique to each data block, said encryption work key generation unit generates an encryption work key for each data block based on the header information of the data block; and said encryption unit encrypts the data body of each data block using the encryption work key generated for the data block.
  • the encryption work key generation unit may generate the encryption work key using all or a part of the header information extracted from the digital data and a master key.
  • the master key may be unique to each encryption system.
  • the encryption work key generation unit may generate the work keys by obtaining an exclusive or of the master key and the header information.
  • the digital data may be data made up of a series of data blocks each including header information and a data body
  • the system may further comprise a filter which receives the digital data, extracts data blocks of a specific program based on the header information, and outputs the extracted data blocks
  • the encryption work key generation unit may extract the header information of the data block extracted by the filter, and generate the encryption work key based on the extracted header information
  • the encryption block may encrypt the data block extracted by the filter.
  • the digital data may be data based on MPEG and made up of a series of transport packets each including header information and a payload
  • the system may further comprise a filter which receives the digital data, extracts transport packets of a specific program based on the header information, and outputs the extracted transport packets
  • the encryption work key generation unit may extract the header information of the transport packets extracted by the filter, and generate encryption work keys based on the extracted header information
  • the encryption unit may encrypt the transport packets extracted by the filter.
  • the header information may include PID header information containing information regarding a program number, and CC header information containing a cyclic count value which is changed in accordance with an order of transport packets to confirm continuation of transport packets, and the encryption work key generation unit may generate the encryption work keys based on at least the PID header information and the CC header information.
  • the encryption system may comprise an encryption range determination unit which designates a range of data that should be encrypted, and notifies the designated range to the encryption unit.
  • the encryption system may comprise a range determination unit which designates a range used for generating the work key, and notifies the designated range to the encryption work key generation unit.
  • the encryption unit may simply output the header information of the digital data, output the data body by encrypting it using the encryption work keys, and thereby generate encrypted data including the original header information and the encrypted data body.
  • a decryption system for decrypting encrypted data of digital data including header information and a data body, comprising:
  • a decryption work key generation unit which generates a decryption work key based on the header information of the encrypted digital data
  • a decryption unit which, as to the encrypted digital data, decrypts the data body which is encrypted, using the decryption work key, in order to reproduce the digital data including the decrypted data body and the corresponding header information.
  • the digital data may be data made up of a series of a plurality of data blocks each including header information and a data body, and the header information may be unique to each data block, said decryption work key generation unit generates the decryption work key for each data block based on the header information of the encrypted data block; and said decryption unit decrypts the encrypted data body of each data block using the decryption work key for the data block.
  • the decryption work key generation unit may generate the decryption work key using all or a part of the header information extracted from the encrypted digital data and a master key.
  • the master key may be unique to each decryption system.
  • the decryption work key generation unit may generate the work keys by obtaining an exclusive or of the master key and the header information.
  • the decryption system may comprise a decryption range determination unit which designates a range of data that should be decrypted, and notifies the designated range to the decryption unit.
  • the decryption system may comprise a range determination unit which designates a range used for generating the work keys, and notifies the designated range to the decryption work key generation unit.
  • the decryption unit may output the header information of the encrypted digital data as it is, decrypt the encrypted data body using the decryption work keys and output the decrypted data body, and thereby reproduce the original digital data.
  • an encryption method is a method of encrypting digital data including header information and a data body, the method comprising:
  • a computer program according to a fifth aspect of the present invention is a program for controlling a computer to execute the above-described encryption method.
  • a decryption method is a method of decrypting encrypted data of digital data including header information and a data body, the method comprising:
  • a computer program according to a seventh aspect of the present invention is a program for controlling a computer to execute the above-described decryption method.
  • FIG. 1 is a block diagram showing an encryption/decryption system according to a first embodiment of the present invention
  • FIG. 2 is a diagram for explaining a format of digital data processed by the encryption/decryption system 116 shown in FIG. 1;
  • FIG. 3 is a diagram for explaining a process for generating work keys used when data is encrypted
  • FIG. 4 is a diagram for explaining a process performed by an encryption block 104 ;
  • FIG. 5 is a diagram for explaining a process for generating work keys used when data is decrypted
  • FIG. 6 is a diagram for explaining a process performed by a decryption block 108 ;
  • FIG. 7 is a diagram for explaining a process for generating work keys for decryption, in a case where digital data is falsified;
  • FIG. 8 is a block diagram showing a structure of an encryption/decryption system according to a second embodiment of the present invention.
  • FIG. 9 is a diagram schematically showing a format of an MPEG2 transport stream to be processed by the encryption/decryption system 116 A shown in FIG. 8;
  • FIG. 10 is a diagram for explaining a process for generating work keys in the encryption/decryption system 116 ;
  • FIG. 11 is a diagram for explaining a process performed by the encryption block 104 ;
  • FIG. 12 is a block diagram showing an example of a structure of a work key generation block 102 or 107 ;
  • FIG. 13 is a block diagram showing a schematic structure of an encryption/decryption system according to a third embodiment of the present invention.
  • FIG. 14 is a diagram showing formats of a transport packet before and after being encrypted by the encryption/decryption system 116 shown in FIG. 13.
  • An encryption/decryption system 116 comprises a header extraction block 101 , a work key (encryption key) generation block 102 , a master key storage unit 103 , an encryption block 104 , a header extraction block 106 , a work key (decryption key) generation block 107 , and a decryption block 108 , as shown in FIG. 1.
  • Digital data to be processed is input to the encryption/decryption system 116 from another processing system through a data path (data stream) 109 .
  • Digital data processed by the encryption/decryption system 116 is output to another processing system through a data path 112 .
  • a data storage unit 105 is connected to the encryption/decryption system 116 .
  • the data storage unit 105 is constituted by a hard disk, a memory, or the like, and receives encrypted digital data processed by the encryption/decryption system 116 through a data path 110 , and stores the received encrypted digital data.
  • Digital data stored in the data storage unit 105 is read out from it and supplied to the encryption/decryption system 116 through a data path 111 .
  • the header extraction block 101 of the encryption/decryption system 116 extracts headers (or header information) from the digital data to be processed which is input through the data path 109 .
  • the header extraction block 101 outputs the extracted headers to the work key generation block 102 through a header data path 115 .
  • the master key storage unit 103 is constituted by a flash ROM or the like.
  • the master key is unique to each encryption/decryption system 116 .
  • the master key storage unit 103 stores master key information necessary for encryption and decryption.
  • the master key storage unit 103 outputs master key information to the work key generation blocks 102 and 107 through master key paths 113 .
  • the work key generation block 102 receives headers (or header information, header data) from the header extraction block 101 through the header data path 115 . Further, the work key generation block 102 receives the master key information from the master key storage unit 103 through the master key path 113 . The work key generation block 102 generates a work key necessary for encrypting the input digital data, using the headers extracted by the header extraction block 101 and the master key information output from the master key storage unit 103 . The work key generation block 102 outputs the generated work key to the encryption block 104 through a work key path 114 .
  • the encryption block 104 receives digital data to be processed from another processing system through the data path 109 , and receives the work key from the work key generation block 102 through the work key path 114 .
  • the encryption block 104 encrypts payloads of the digital data to be processed using the work key, and outputs the encrypted digital data to the data storage unit 105 through the data path 110 .
  • the header extraction block 106 receives the encrypted data output from the data storage unit 105 through the data path 111 , and extracts headers from the encrypted data.
  • the header extraction block 106 outputs the extracted headers to the work key generation block 107 .
  • the work key generation block 107 receives the headers of the encrypted data through a header data path 117 , and receives a master key from the master key storage unit 103 through the master key paths 113 .
  • the work key generation block 107 generates work keys necessary for decryption by using the headers of the encrypted data and the master key.
  • the work key generation block 107 outputs the generated work keys to the decryption block 108 through a work key path 118 .
  • the decryption block 108 receives the work key from the work key generation block 107 through the work key path 118 , and receives the encrypted data from the data storage unit 105 through the data path 111 .
  • the decryption block 108 decrypts the received encrypted data using the work key, and outputs the decrypted digital data to another processing system through the data path 112 .
  • FIG. 2 is a diagram for explaining the format of the digital data 21 to be processed by the encryption/decryption system 116 and that of the encrypted digital data 24 processed by the encryption/decryption system 116 .
  • digital data 21 to be input to the encryption/decryption system 116 in the form of data stream through the data path 109 has a structure in which data (data block) D 1 , D 2 , D 3 , . . . are supplied in this order.
  • the data D 1 , D 2 , D 3 , . . . respectively include a pair of a header HD 1 and a payload (data body) PD 1 , a pair of a header HD 2 and a payload (data body) PD 2 , a pair of a header HD 3 and a payload (data body) PD 3 , . . . .
  • the digital data 21 is encrypted by the encryption block 104 and converted into encrypted digital data 24 having a format shown in FIG. 2.
  • the encrypted digital data 24 has a structure in which encrypted data ED 1 , ED 2 , ED 3 , . . . are output in this order.
  • the encrypted data ED 1 , ED 2 , ED 3 , . . . respectively include a pair of an unencrypted header HD 1 and an encrypted payload EPD 1 , a pair of an unencrypted header HD 2 and an encrypted payload EPD 2 , a pair of an unencrypted header HD 3 and an encrypted payload EPD 3 , as shown in FIG. 2.
  • digital data decrypted by the decryption block 108 and output from the encryption/decryption system 116 through the data path 112 has the same structure as the digital data 21 .
  • FIG. 3 is a diagram for explaining procedures for generating the work keys for encryption.
  • When the stream of the digital data 21 shown in FIG. 3 is supplied through the data path 109 to the encryption/decryption system 116 , the header extraction block 101 performs a header extraction process 31 to extract the headers HD 1 , HD 2 , HD 3 , . . . included in the data D 1 , D 2 , D 3 , . . . contained in the digital data 21 .
  • the header extraction block 101 outputs the extracted headers HD 1 , HD 2 , HD 3 , . . . to the work key generation block 102 .
  • the work key generation block 102 performs a work key generation process 32 shown in FIG. 3 to generate work keys WK 1 , WK 2 , WK 3 , . . . in accordance with a work key generation algorithm 33 using a master key and each of the headers HD 1 , HD 2 , HD 3 , . . . .
  • the work key generation algorithm 33 is arbitrary.
  • the data of the headers may be converted into data having the same bit number as that of the master key by using an arbitrary function (for example, a hash function), and the exclusive or of the converted headers and the master key may be obtained.
  • the headers may not be fully used, but may be partially used.
  • FIG. 4 is a diagram for explaining a process performed by the encryption block 104 .
  • the encryption block 104 performs an encryption process 41 , but simply outputs the headers HD 1 , HD 2 , HD 3 , . . . of the data D 1 , D 2 , D 3 , . . . included in the digital data 21 without encrypting them.
  • the encryption block 104 encrypts the payloads PD 1 , PD 2 , PD 3 , . . . in accordance with an encryption algorithm 42 of the encryption block 104 , using the work keys WK 1 , WK 2 , WK 3 , . . .
  • the headers HD 1 , HD 2 , HD 3 , . . . and the encrypted payloads EPD 1 , EPD 2 , EPD 3 . . . constitute encrypted data ED 1 , ED 2 , ED 3 . . . , respectively.
  • FIG. 5 is a diagram for explaining processes performed by the header extraction block 106 and the work key generation block 107 .
  • the encrypted digital data 24 is supplied from the data storage unit 105 in the form of the data stream to the encryption/decryption system 116 .
  • the header extraction block 106 performs a header extraction process 53 to extract the headers HD 1 , HD 2 , HD 3 , . . . of the encrypted data ED 1 , ED 2 , ED 3 , . . . included in the encrypted digital data 24 , and outputs the extracted headers to the work key generation block 107 .
  • the work key generation block 107 performs a work key generation process 54 to generate work keys WK 1 , WK 2 , WK 3 , . . . in accordance with a work key generation algorithm 55 by using a master key and the headers HD 1 , HD 2 , HD 3 , . . . .
  • the work key generation algorithm 55 is the same as the work key generation algorithm 33 .
  • FIG. 6 is a diagram for explaining a process performed by the decryption block 108 .
  • the decryption block 108 performs a decryption process 61 , but simply outputs the headers HD 1 , HD 2 , HD 3 , . . . of the encrypted data ED 1 , ED 2 , ED 3 , . . . included in the encrypted digital data 24 .
  • the decryption block 108 decrypts the encrypted payloads EPD 1 , EPD 2 , EPD 3 , . . . using the work keys WK 1 , WK 2 , WK 3 , . . .
  • the decryption block 108 restores the payload PD 1 , PD 2 , PD 3 , . . . , and outputs them. As a result, the original digital data 21 is restored.
  • FIG. 7 is a diagram for explaining a process for generating work keys for decryption, in a case where the encrypted digital data 24 is falsified.
  • digital data 71 which is the encrypted digital data 24 whose headers HD 1 , HD 2 , HD 3 . . . are falsified will be considered.
  • the header extraction block 106 performs the header extraction process 53 , and thereby extracts falsified headers FHD 1 , FHD 2 , FHD 3 , . . . .
  • the work key generation block 107 performs the work key generation process 54 using a master key and the falsified headers FHD 1 , FHD 2 , FHD 3 , . . . in accordance with the work key generation algorithm 55 , and thereby generates work keys FWK 1 , FWK 2 , FWK 3 , . . . .
  • the digital data 21 having the structure shown in FIG. 2 is input to the encryption/decryption system 116 , in the form of the data stream, shown in FIG. 1 through the data path 109 .
  • the header extraction block 101 performs header extraction process 31 to extract the headers HD 1 , HD 2 , HD 3 , . . . included in the data D 1 , D 2 , D 3 , . . . of the input digital data 21 as shown in FIG. 3, and outputs the extracted headers to the work key generation block 102 through the header data path 115 .
  • the work key generation block 102 performs the work key generation process 32 to generate work keys WK 1 , WK 2 , WK 3 , . . . necessary for encrypting the payloads PD 1 , PD 2 , PD 3 , . . . included in the data D 1 , D 2 , D 3 , . . . .
  • the work key generation block 102 generates the work keys WK 1 , WK 2 , WK 3 , . . . by processing a master key and the headers HD 1 , HD 2 , HD 3 , . . . included in the data D 1 , D 2 , D 3 , . . . in accordance with the work key generation algorithm 33 .
  • the work keys WK 1 , WK 2 , WK 3 , . . . generated in this manner are sequentially output to the encryption block 104 through the work key path 114 .
  • the encryption block 104 performs the encryption process 41 shown in FIG. 4 to simply output the headers HD 1 , HD 2 , HD 3 , . . . included in the sequentially supplied data D 1 , D 2 , D 3 , . . . , and to encrypt the payloads PD 1 , PD 2 , PD 3 , . . . using the work keys WK 1 , WK 2 , WK 3 , . . . to generate and output encrypted payload EPD 1 , EPD 2 , EPD 3 , . . . .
  • the encrypted digital data 24 including encrypted data ED 1 made up of the unchanged header HD 1 and the encrypted payload EPD 1 , encrypted data ED 2 made up of the unchanged header HD 2 and the encrypted payload EPD 2 , encrypted data ED 3 made up of the unchanged header HD 3 and the encrypted payload EPD 3 , . . . is generated.
  • the encrypted digital data 24 which is encrypted by the encryption process 41 performed by the encryption block 104 is output to the data storage unit 105 through the data path 110 .
  • the data storage unit 105 stores the supplied encrypted digital data 24 .
  • encryption of the digital data 21 is performed by generating the work keys WK 1 , WK 2 , WK 3 , . . . using the headers HD 1 , HD 2 , HD 3 , . . . of the data D 1 , D 2 , D 3 , . . . .
  • the header extraction block 106 performs the header extraction process 53 shown in FIG. 5 to sequentially extract the headers HD 1 , HD 2 , HD 3 , . . . of the encrypted data ED 1 , ED 2 , ED 3 , . . . , and outputs the extracted headers to the work key generation block 107 .
  • the work key generation block 107 performs the work key generation process 54 to sequentially generate work keys WK 1 , WK 2 , WK 3 , . . . , using the headers HD 1 , HD 2 , HD 3 , . . . and a master key in accordance with the work key generation algorithm 55 .
  • the generated work keys WK 1 , WK 2 , WK 3 , . . . are sequentially output to the decryption block 108 through the work key path 118 .
  • the work key generation algorithm 55 is the same as the work key generation algorithm 33 used in encryption, and the headers HD 1 , HD 2 , HD 3 , . . . and the master key are identical with those used in encryption. Accordingly, the generated work keys WK 1 , WK 2 , WK 3 , . . . have the same values as the work keys WK 1 , WK 2 , WK 3 , . . . used in encryption.
  • the decryption block 108 performs the decryption process 61 shown in FIG. 6 to simply output the header HD 1 of the encrypted data ED 1 , and decrypt the encrypted payload EPD 1 using the work key WK 1 and output the decrypted payload. Next, the decryption block 108 simply outputs the header HD 2 of the encrypted data ED 2 , and decrypts the encrypted payload EPD 2 using the work key WK 2 and outputs the decrypted payload. The decryption block 108 repeats the same operation for the following data.
  • the work keys WK 1 , WK 2 , WK 3 , . . . used for decrypting the encrypted data ED 1 , ED 2 , ED 3 , . . . are the same as the work keys WK 1 , WK 2 , WK 3 used for encryption. Therefore, the encrypted data ED 1 , ED 2 , ED 3 , . . . can be properly decrypted and the original data D 1 , D 2 , D 3 , . . . can be obtained.
  • the data D 1 , D 2 , D 3 , . . . decrypted by the decryption block 108 are output to another processing system through the data path 112 .
  • the header extraction block 106 performs the header extraction process 53 to extract the falsified headers FHD 1 , FHD 2 , FHD 3 , . . . of the falsified encrypted data FED 1 , FED 2 , FED 3 , . . . , and outputs the extracted headers to the work key generation block 107 .
  • the work key generation block 107 performs the work key generation process 54 to process a master key supplied from the master key storage unit 103 and the falsified headers FHD 1 , FHD 2 , FHD 3 , . . . supplied from the header extraction block 106 in accordance with the work key generation algorithm 55 , thereby generating work keys FWK 1 , FWK 2 , FWK 3 , . . .
  • the generated work keys FWK 1 , FWK 2 , FWK 3 , . . . take different values from those of the work keys WK 1 , WK 2 , WK 3 , . . .
  • the work key generation block 107 supplies the generated work keys FWK 1 , FWK 2 , FWK 3 , . . . to the decryption block 108 .
  • the decryption block 108 decrypts the encrypted payloads EPD 1 , EPD 2 , EPD 3 , . . . using the supplied work keys FWK 1 , FWK 2 , FWK 3 , . . .
  • Because the generated work keys FWK 1 , FWK 2 , FWK 3 , . . . are different from the work keys WK 1 , WK 2 , WK 3 , . . . used at the time of encryption, the payloads PD 1 , PD 2 , PD 3 cannot be properly restored.
  • the encryption/decryption system 116 uses not only a master key, but also headers in order to generate work keys. This means that the respective payloads will be encrypted using work keys different from one another. Therefore, even if a plurality of payloads are encrypted using the same encryption algorithm and the same master key, work keys used for encrypting the payloads are different payload by payload. That is, the encryption scheme is different data by data.
  • FIG. 8 is a block diagram showing the structure of an encryption/decryption system 116 A according to a second embodiment.
  • the basic structure of the encryption/decryption system 116 A according to the present embodiment is the same as the encryption/decryption system 116 shown in FIG. 1.
  • the encryption/decryption system 116 A has the following features different from the system shown in FIG. 1, in order to record and reproduce an MPEG2 transport stream (TS).
  • the encryption/decryption system 116 A comprises a key conversion block 201 and a PID filter 202 . Further, the encryption/decryption system 116 A comprises TS header extraction blocks 101 A and 106 A instead of the header extraction blocks 101 and 106 .
  • the key conversion block 201 is connected between the master key storage unit 103 and the work key generation blocks 102 and 107 .
  • the key conversion block 201 converts a master key output from the master key storage unit 103 into another key using a secret algorithm in order to enhance security.
  • the PID filter 202 extracts transport packets of a specific program having a specific PID (Packet IDentifier) from an input transport stream, and outputs the extracted transport packets to the TS header extraction block 101 A and the encryption block 104 through the data path 109 as a transport stream of the specific program.
  • the TS (Transport Stream) header extraction block 101 A extracts headers from the transport stream of the specific program, and outputs the extracted headers to the work key generation block 102 through the header data path 115 .
  • the TS header extraction block 106 A extracts the headers of the encrypted transport stream of the specific program, which is received through the data path 111 .
  • the extracted headers are output to the work key generation block 107 through the header data path 117 .
  • a master key output from the master key storage unit 103 is converted by the key conversion block 201 to a converted master key and output to the work key generation block 102 and the work key generation block 107 through the master key paths 113 .
  • the transport stream TS is input to this encryption/decryption system 116 A from an external apparatus.
  • the PID filter 202 extracts transport packets of a specific program having a specific PID from the input transport stream, and outputs the extracted transport packets to the TS header extraction block 101 A and the encryption block 104 through the data path 109 as a transport stream of the specific program.
  • the header extraction block 101 A extracts headers from the transport stream TS of the specific program, and outputs the headers to the work key generation block 102 through the header data path 115 .
  • the work key generation block 102 generates work keys using the converted master key received through the master key path 113 and the headers received through the header data path 115 , and outputs the generated work keys to the encryption block 104 through the work key path 114 .
  • the encryption block 104 uses the work keys received through the work key path 114 as encryption keys, and encrypts the transport stream of the specific program received through the data path 109 .
  • the encrypted transport stream of the specific program is output through the data path 110 to a hard disk (HDD) 105 A as the data storage unit 105 , to be stored and cumulated therein.
  • the encrypted transport stream of the specific program which is stored in the hard disk 105 A, is output through the data path 111 to the TS (transport stream) header extraction block 100 A and to the decryption block 108 .
  • the TS header extraction block 106 A extracts the headers from the encrypted transport stream of the specific program, which is output through the data path 111 .
  • the extracted headers are output to the work key generation block 107 through the header data path 117 .
  • the work key generation block 107 generates work keys using the master key received through the master key path 113 , and the headers received through the header data path 117 , and outputs the work keys to the decryption block 108 through the work key path 118 .
  • the decryption block 108 decrypts the encrypted transport stream of the specific program using the work keys received through the work key path 118 , and outputs the decrypted transport stream to another processing system through the data path 112 .
  • FIG. 9 is a diagram schematically showing the format of the MPEG2 transport stream to be processed by the encryption/decryption system 116 A shown in FIG. 8.
  • a transport stream 391 includes a transport packet TS 1 , a transport packet TS 2 , a transport packet TS 3 , . . . .
  • Each transport packet TSi (“i” is a suffix) includes three kinds of headers and a payload (data body) PD.
  • the three kinds of headers include 47 headers 395 , a PID 396 including information regarding a program number, and a CC 397 including a Cyclic Counter value which is changed in accordance with a packet order so as to confirm the continuation of packets having the same PID information.
  • the CC 397 of the transport packet TS 1 and the CC 397 of the transport packet TS 2 include different values from each other, for example.
  • An encrypted transport stream 394 includes an encrypted transport packet ETS 1 , an encrypted transport packet ETS 2 , an encrypted transport packet ETS 3 . . . .
  • Each encrypted transport packet includes three kinds of headers and an encrypted payload EPD.
  • the three kinds of headers are 47 headers 395 , a PID 396 including information regarding a program number, and a CC 397 including a Cyclic Counter value which is changed in accordance with a packet order to confirm the continuation of packets having the same PID information.
  • FIG. 10 is a diagram for explaining a process in which work keys are generated in the encryption/decryption system 116 A.
  • the TS header extraction block 101 A performs a TS header extraction process 401 , and extracts the headers PID 396 and CC 397 of the transport packet TS 1 , extracts the headers PID 396 and CC 397 of the transport packet TS 2 , and repeats the same operation for the following packets.
  • the PID 396 of the transport packet TS 1 and the PID 396 of the transport packet TS 2 are the same, the value of the CC 397 of the transport packet TS 1 and the value of the CC 397 of the transport packet TS 2 necessarily take different values.
  • the work key generation block 102 performs a work key generation process 402 , and generates work keys by applying a work key generation algorithm 403 to the value of the extracted PID 396 and the value of the extracted CC 397 . That is, the work key generation block 102 generates a work key WK 1 based on the PID 396 and the CC 397 of the transport packet TS 1 , generates a work key WK 2 based on the PID 396 and the CC 397 of the transport packet TS 2 , and repeats the same operation for the following packets. As described above, since the CC 397 of the transport packet TS 1 and the CC 397 of the transport packet TS 2 are different, the work key WK 1 and the work key WK 2 result in having different values.
  • FIG. 11 is a diagram for explaining the process performed by the encryption block 104 .
  • the encryption block 104 performs an encryption process 411 , and simply outputs the headers ( 47 headers 395 , PID 396 , CC 397 ) of each of the transport packets TS 1 , TS 2 , TS 3 , . . . as they are.
  • the encryption block 104 encrypts the payload PD 1 of the transport packet TS 1 in accordance with an encryption algorithm 412 using the work key WK 1 , and outputs the encrypted payload EPD 1 . Further, the encryption block 104 encrypts the payload PD 2 of the transport packet TS 2 in accordance with the encryption algorithm 412 using the work key WK 2 , and outputs the encrypted payload EPD 2 .
  • the encryption block 104 repeats the same operation for the following payloads. Thereby, an encrypted transport packet ETS 1 including the header and the encrypted payload EPD 1 , an encrypted transport packet ETS 2 including the header and the encrypted payload EPD 2 , . . . are obtained.
  • a transport stream TS is input to the encryption/decryption system 116 through the input port 210 .
  • Of the transport packets included in the input transport stream TS, transport packets having a specific PID are extracted by the PID filter 202 , and are passed to the data path 109 .
  • the TS header extraction block 101 A performs the TS header extraction process 401 to extract the PID 396 and CC 397 of the transport packet TS 1 flowed through the data path 109 , extract the PID 396 and CC 397 of the transport packet TS 2 , and extract the PID 396 and CC 397 of each of the following transport packets in the same way.
  • the value of the CC 397 of the transport packet TS 1 and the value of the CC 397 of the transport packet TS 2 inevitably take different values.
  • the work key generation block 10 performs the work key generation process 402 to generate work keys using the values of the extracted PID 396 and CC 397 in accordance with the work key generation algorithm 403 , and outputs the generated work keys to the encryption block 104 through the work key path 114 . Since the CC 397 of the transport packet TS 1 and the CC 397 of the transport packet TS 2 take different values, the work key WK 1 for the transport packet TS 1 and the work key WK 2 for the transport packet TS 2 take different values even if the same algorithm and the same converted master key are used in the work key generation process 402 .
  • the transport packets TS 1 , TS 2 , . . . are input to the encryption block 104 in this order.
  • the encryption block 104 performs an encryption process 411 to simply output the headers ( 4 d header 395 , PID 396 , CC 397 ) of the transport packet TS 1 , and then encrypts the payload PD 1 using the work key WK 1 to generate an encrypted payload EPD 1 , and outputs the generated encrypted payload EPD 1 .
  • the encryption block 104 simply outputs the headers of the transport packet TS 2 , and then encrypts the payload PD 2 using the work key WK 2 and outputs the encrypted payload EPD 2 .
  • the same process is repeated for the transport packet TS 3 , and transport packets thereafter.
  • the encrypted transport stream which is generated by the encryption process 411 of the encryption block 104 is output through the data path 110 to the hard disk 105 A and stored therein.
  • the work key generation block 102 and the work key generation block 107 shown in FIG. 1 and FIG. 8 are constituted by, for example, an exclusive or circuit 501 as shown in FIG. 12.
  • In a case where the work key generation block 102 shown in FIG. 1 is constituted by the exclusive or circuit 501 , the exclusive or circuit 501 generates work keys for encryption by obtaining the exclusive or of the master key supplied from the master key storage unit 103 through the master key path 113 and data which is generated from the headers supplied from the header extraction block 101 by using, for example, a one-way function, and outputs the generated work keys to the work key path 114 .
  • the exclusive or circuit 501 generates work keys for decryption by obtaining the exclusive or of the master key supplied from the master key storage unit 103 and data generated from the headers supplied from the header extraction block 106 by using the one-way function, and outputs the generated work keys through the work key path 118 .
  • the exclusive or circuit 501 generates work keys by obtaining the exclusive or of a converted master key supplied from the key conversion block 201 and data generated from the headers supplied from the TS header extraction block 101 A, and outputs the generated work keys through the work key path.
  • the exclusive or circuit 501 generates work keys for decryption by obtaining the exclusive or of a converted master key supplied from the key conversion block 201 and data generated from the headers supplied from the TS header extraction block 106 A.
  • FIG. 13 is a block diagram showing a schematic structure of a third embodiment of the encryption/decryption system according to the present invention.
  • the encryption/decryption system 116 B is a modified example of the encryption/decryption system 116 A shown in FIG. 8. As compared to FIG. 8, the different point is that a mode control block 203 is added between the encryption block 104 and the decryption block 108 .
  • the mode control block 203 designates an encryption range (encryption area) and a decryption range (decryption area) for the encryption block 104 and the decryption block 108 respectively, and notifies the determinations to the encryption block 104 and the decryption block 108 respectively through a mode control signal 211 .
  • the mode control block 203 has two encryption modes, namely, a mode A and a mode B. As shown in FIG. 14, the mode A is for generating an encrypted payload 542 by encrypting the AF (Adaptation Field) and the payload of an original transport packet 541 , and the mode B is for generating an encrypted payload 643 by encrypting the payload of the original transport packet 541 .
  • encryption is performed by regarding the payload and AF of the transport packet 541 as the range (data body) that should be encrypted.
  • the AF of the transport packet 541 is an adaptation field prepared by expanding the header, and includes time information.
  • the mode control block 203 may select a mode in accordance with an externally supplied signal.
  • the mode control block 203 may select a mode in accordance with a PID of packets to be encrypted or decrypted flowing on the path 210 or 111 .
  • the modes A and B are for changing the ranges of encryption and decryption.
  • the mode A and B may also be for changing the ranges used for generating work keys.
  • the PID 396 and CC 397 in the headers are used for generating encryption work keys.
  • the PID 396 , CC 397 , and AF in the headers are used for generating encryption work keys.
  • the ranges used for generating work keys may be changed in accordance with the modes A and B, unlike the above explanation of FIG. 14 where the ranges for encryption and decryption are changed.
  • the PID 396 and CC 397 in the headers are used for generating encryption work keys.
  • the PID 396 , CC 397 and AF in the headers are used for generating encryption work keys.
  • mode control information is supplied to the TS header extraction blocks 101 A and 106 A and to the work key generation blocks 102 and 107 .
  • the present invention is not limited to the above described embodiment, but can be modified and applied in various ways.
  • the present invention can be applied to a system which does not store encrypted data in the data storage unit 105 , but transmits the encrypted data.
  • the above-described encryption/decryption processes may be executed by a computer, a CPU (central processing unit), and a DSP (digital signal processor).
  • a program or program signal for controlling a computer, a CPU, and a DSP may be distributed by storing it on a recording medium such as a CD-ROM, DVD, etc., or may be transmitted through a network in the form of a data signal by embodying it in a carrier wave.
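The second embodiment's per-packet work keys (PID and CC headers, a one-way function, exclusive or with the master key, headers left in the clear) can be traced end to end in a short sketch. This is an added example, not code from the patent: SHA-256 as the one-way function, the SHA-256 counter-mode keystream standing in for the unspecified encryption algorithm 412, the constructed master key, the mode B packets without an adaptation field, and all function names are assumptions.

```python
import hashlib

TS_PACKET_LEN = 188   # fixed MPEG-2 transport packet size
SYNC_BYTE = 0x47
KEY_LEN = 16          # assumed work-key length in bytes

# Constructed master key, for demonstration only.
MASTER_KEY = bytes(range(KEY_LEN))


def make_packet(pid, cc, payload):
    """Build a constructed 188-byte packet: 4-byte header, payload only (no AF)."""
    header = bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF, 0x10 | (cc & 0x0F)])
    body_len = TS_PACKET_LEN - len(header)
    return header + payload.ljust(body_len, b"\xff")[:body_len]


def parse_ts_header(packet):
    """Header extraction: return (PID, CC) from the 4-byte TS header."""
    if len(packet) != TS_PACKET_LEN or packet[0] != SYNC_BYTE:
        raise ValueError("expected a 188-byte packet starting with sync byte 0x47")
    pid = ((packet[1] & 0x1F) << 8) | packet[2]   # 13-bit packet identifier
    cc = packet[3] & 0x0F                         # 4-bit continuity counter
    return pid, cc


def work_key(master_key, pid, cc):
    """Work key = master key XOR one-way function of the header fields.

    SHA-256 is an assumed one-way function; the page does not name one.
    """
    digest = hashlib.sha256(pid.to_bytes(2, "big") + bytes([cc])).digest()[:KEY_LEN]
    return bytes(m ^ d for m, d in zip(master_key, digest))


def _keystream(key, length):
    """Stand-in cipher: SHA-256 in counter mode (assumption, not algorithm 412)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def crypt_packet(master_key, packet):
    """Encrypt or decrypt one packet (the XOR stream is its own inverse).

    The header is output unchanged; only the payload is transformed, using
    the work key derived from that same header.
    """
    pid, cc = parse_ts_header(packet)
    wk = work_key(master_key, pid, cc)
    payload = packet[4:]
    stream = _keystream(wk, len(payload))
    return packet[:4] + bytes(p ^ s for p, s in zip(payload, stream))


def distinct_work_keys(master_key, pid, n_packets):
    """Count distinct work keys over n_packets consecutive packets of one PID.

    The continuity counter is 4 bits wide, so it wraps every 16 packets.
    """
    return len({work_key(master_key, pid, i & 0x0F) for i in range(n_packets)})


if __name__ == "__main__":
    original = make_packet(0x100, 3, b"constructed payload")
    encrypted = crypt_packet(MASTER_KEY, original)
    print("round trip ok:", crypt_packet(MASTER_KEY, encrypted) == original)

    # Falsified header (CC changed from 3 to 4): a different work key results.
    falsified = bytearray(encrypted)
    falsified[3] = 0x10 | 4
    garbled = crypt_packet(MASTER_KEY, bytes(falsified))
    print("payload restored after falsification:", garbled[4:] == original[4:])

    print("distinct work keys over 1000 packets:",
          distinct_work_keys(MASTER_KEY, 0x100, 1000))
```

Because the continuity counter is a 4-bit field, a single PID yields at most 16 distinct work keys under this derivation; using the AF as additional key material, as in the third embodiment, is one way the page widens that input.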

Abstract

An encryption/decryption system encrypts/decrypts digital data including pairs of header information and a data body. The system includes an encryption work key generation unit, an encryption unit, a decryption work key generation unit, and a decryption unit. The encryption work key generation unit generates an encryption work key based on the header information for each data body. The encryption unit encrypts each data body using a corresponding encryption work key. The decryption work key generation unit generates a decryption work key for each data body based on the corresponding header information. The decryption unit decrypts the encrypted data body of the encrypted digital data using a corresponding decryption work key, and reproduces the digital data.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention [0001]
  • The present invention relates to an encryption/decryption system used for storing and reproducing digital data of, for example, music and videos. The present invention also relates to a code decipherment prevention/falsification prevention system for rendering code decipherment difficult, and for rendering falsified data difficult to use. [0002]
  • 2. Description of the Related Art [0003]
  • When digital data of, for example, music and videos is stored and reproduced, a data encryption technique is used from the viewpoint of copyright protection. Unexamined Japanese Patent Application KOKAI Publication No. H10-290222 discloses a technique for encrypting and sending digital data to a storage device, and for decrypting encrypted data read out from the storage. However, according to the technique, its encryption algorithm may be revealed by analyzing a mass of the encrypted digital data. Once the encryption algorithm is known by an unauthorized third party, the encrypted data is easily decrypted by the third party. [0004]
  • SUMMARY OF THE INVENTION
  • In view of the above problem, an object of the present invention is to provide an encryption/decryption system and method, for rendering code decipherment difficult and rendering falsification difficult. [0005]
  • Another object of the present invention is to provide an encryption/decryption system and method which can prevent unauthorized copying/falsifying. [0006]
  • To achieve the above object, an encryption/decryption system according to a first aspect of the present invention is an encryption/decryption system for encrypting/decrypting digital data including header information and a data body, the system comprising: [0007]
  • an encryption work key generation unit which generates an encryption work key based on the header information of the digital data; [0008]
  • an encryption unit which, as to the digital data, encrypts the data body, using the encryption work keys, and outputs the digital data; [0009]
  • a decryption work key generation unit which generates a decryption work key based on the header information of the digital data encrypted by the encryption unit; and [0010]
  • a decryption unit which, as to the digital data encrypted by the encryption unit, decrypts the encrypted data body using the decryption work key, in order to reproduce the digital data including the decrypted data body and the corresponding header information. [0011]
  • The digital data may be data made up of a series of a plurality of data blocks each including header information and a data body, and the header information may be unique to each data block, [0012]
  • said encryption work key generation unit generates an encryption work key for each data block based on the header information of the data block; [0013]
  • said encryption unit encrypts the data body of each data block, using the encryption work key generated for the data block; [0014]
  • said decryption work key generation unit generates the decryption work key for each data block based on the header information of the encrypted data block; and [0015]
  • said decryption unit decrypts the encrypted data body of each data block using the decryption work key for the data block. [0016]
  • The encryption work key generation unit may generate the encryption work key using all or a part of the header information extracted from the digital data and a master key, and the decryption work key generation unit may generate the decryption work key using all or the part of the header information extracted from the encrypted digital data and the master key. [0017]
  • The master key may be unique to each encryption/decryption system. [0018]
  • The encryption work key generation unit and the decryption work key generation unit may respectively generate the work keys by obtaining an exclusive or of the master key and the header information. [0019]
  • The digital data may be data made up of a series of data blocks each including header information and a data body, the system may further comprise a filter which receives the digital data, extracts data blocks of a specific program based on the header information, and outputs the extracted data blocks, the encryption work key generation unit may extract the header information of the data block extracted by the filter, and generate the encryption work key based on the extracted header information, and the encryption block may encrypt the data block extracted by the filter. [0020]
  • The digital data may be data based on MPEG and made up of a series of transport packets each including header information and a payload, the system may further comprise a filter which receives the digital data, extracts transport packets of a specific program based on the header information, and outputs the extracted transport packets, the encryption work key generation unit may extract the header information of the transport packets extracted by the filter, and generate encryption work keys based on the extracted header information, and the encryption unit may encrypt the transport packet extracted by the filter. [0021]
  • The header information may include PID header information containing information regarding a program number, and CC header information containing a cyclic count value which is changed in accordance with an order of transport packets to confirm continuation of transport packets, and the encryption work key generation unit may generate the encryption work keys based on at least the PID header information and the CC header information. [0022]
  • The encryption/decryption system may comprise an encryption range determination unit which designates a range of data that should be encrypted, and notifies the designated range to the encryption unit and the decryption unit. [0023]
  • The encryption/decryption system may comprise a range determination unit which designates a range used for generating the work keys, and notifies the designated range to the encryption work key generation unit and the decryption work key generation unit. [0024]
  • The encryption unit may output the header information of the digital data as it is, encrypt the data body using the encryption work key and output the encrypted data body, and thereby generate encrypted data including the original header information and the encrypted data body, and the decryption unit may output the header information of the encrypted digital data as it is, decrypt the encrypted data body using the decryption work keys and output the decrypted data body, and thereby reproduce the original digital data. [0025]
  • To achieve the above object, an encryption system according to a second aspect of the present invention is an encryption system for encrypting digital data including header information and a data body, the system comprising: [0026]
  • an encryption work key generation unit which generates an encryption work key based on the header information of the digital data; and [0027]
  • an encryption unit which, as to the digital data, encrypts the data body using the encryption work key, and outputs the digital data. [0028]
  • The digital data may be data made up of a series of a plurality of data blocks each including header information and a data body, and the header information may be unique to each data block, said encryption work key generation unit generates an encryption work key for each data block based on the header information of the data block; and said encryption unit encrypts the data body of each data block using the encryption work key generated for the data block. [0029]
  • The encryption work key generation unit may generate the encryption work key using all or a part of the header information extracted from the digital data and a master key. [0030]
  • The master key may be unique to each encryption system. [0031]
  • The encryption work key generation unit may generate the work keys by obtaining an exclusive or of the master key and the header information. [0032]
  • The digital data may be data made up of a series of data blocks each including header information and a data body, the system may further comprise a filter which receives the digital data, extracts data blocks of a specific program based on the header information, and outputs the extracted data blocks, the encryption work key generation unit may extract the header information of the data block extracted by the filter, and generate the encryption work key based on the extracted header information, and the encryption block may encrypt the data block extracted by the filter. [0033]
  • The digital data may be data based on MPEG and made up of a series of transport packets each including header information and a payload, the system may further comprise a filter which receives the digital data, extracts transport packets of a specific program based on the header information, and outputs the extracted transport packets, the encryption work key generation unit may extract the header information of the transport packets extracted by the filter, and generate encryption work keys based on the extracted header information, and the encryption unit may encrypt the transport packets extracted by the filter. [0034]
  • The header information may include PID header information containing information regarding a program number, and CC header information containing a cyclic count value which is changed in accordance with an order of transport packets to confirm continuation of transport packets, and the encryption work key generation unit may generate the encryption work keys based on at least the PID header information and the CC header information. [0035]
  • The encryption system may comprise an encryption range determination unit which designates a range of data that should be encrypted, and notifies the designated range to the encryption unit. [0036]
  • The encryption system may comprise a range determination unit which designates a range used for generating the work key, and notifies the designated range to the encryption work key generation unit. [0037]
  • The encryption unit may simply output the header information of the digital data, output the data body by encrypting it using the encryption work keys, and thereby generate encrypted data including the original header information and the encrypted data body. [0038]
  • To achieve the above object, a decryption system according to a third aspect of the present invention is a decryption system for decrypting encrypted data of digital data including header information and a data body, comprising: [0039]
  • a decryption work key generation unit which generates a decryption work key based on the header information of the encrypted digital data; and [0040]
  • a decryption unit which, as to the encrypted digital data, decrypts the data body which is encrypted, using the decryption work key, in order to reproduce the digital data including the decrypted data body and the corresponding header information. [0041]
  • The digital data may be data made up of a series of a plurality of data blocks each including header information and a data body, and the header information may be unique to each data block, said decryption work key generation unit generates the decryption work key for each data block based on the header information of the encrypted data block; and said decryption unit decrypts the encrypted data body of each data block using the decryption work key for the data block. [0042]
  • The decryption work key generation unit may generate the decryption work key using all or a part of the header information extracted from the encrypted digital data and a master key. [0043]
  • The master key may be unique to each decryption system. [0044]
  • The decryption work key generation unit may generate the work keys by obtaining an exclusive or of the master key and the header information. [0045]
  • The decryption system may comprise a decryption range determination unit which designates a range of data that should be decrypted, and notifies the designated range to the decryption unit. [0046]
  • The decryption system may comprise a range determination unit which designates a range used for generating the work keys, and notifies the designated range to the decryption work key generation unit. [0047]
  • The decryption unit may output the header information of the encrypted digital data as it is, decrypt the encrypted data body using the decryption work keys and output the decrypted data body, and thereby reproduce the original digital data. [0048]
  • To achieve the above object, an encryption method according to a fourth aspect of the present invention is a method of encrypting digital data including header information and a data body, the method comprising: [0049]
  • generating an encryption work key based on the header information of the digital data; and [0050]
  • encrypting, as to the digital data, the data body using the encryption work key, and outputting the digital data. [0051]
  • To achieve the above object, a computer program according to a fifth aspect of the present invention is a program for controlling a computer to execute the above-described encryption method. [0052]
  • To achieve the above object, a decryption method according to a sixth aspect of the present invention is a method of decrypting encrypted data of digital data including header information and a data body, the method comprising: [0053]
  • generating decryption work keys based on the header information of the encrypted digital data; and [0054]
  • decrypting, as to the encrypted digital data, the data body which is encrypted using the decryption work keys, in order to reproduce the digital data including the decrypted data body and the corresponding header information. [0055]
  • To achieve the above object, a computer program according to a seventh aspect of the present invention is a program for controlling a computer to execute the above-described decryption method. [0056]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • These objects and other objects and advantages of the present invention will become more apparent upon reading of the following detailed description and the accompanying drawings in which: [0057]
  • FIG. 1 is a block diagram showing an encryption/decryption system according to a first embodiment of the present invention; [0058]
  • FIG. 2 is a diagram for explaining a format of digital data processed by the encryption/decryption system 116 shown in FIG. 1; [0059]
  • FIG. 3 is a diagram for explaining a process for generating work keys used when data is encrypted; [0060]
  • FIG. 4 is a diagram for explaining a process performed by an encryption block 104; [0061]
  • FIG. 5 is a diagram for explaining a process for generating work keys used when data is decrypted; [0062]
  • FIG. 6 is a diagram for explaining a process performed by a decryption block 108; [0063]
  • FIG. 7 is a diagram for explaining a process for generating work keys for decryption, in a case where digital data is falsified; [0064]
  • FIG. 8 is a block diagram showing a structure of an encryption/decryption system according to a second embodiment of the present invention; [0065]
  • FIG. 9 is a diagram schematically showing a format of an MPEG2 transport stream to be processed by the encryption/decryption system 116A shown in FIG. 8; [0066]
  • FIG. 10 is a diagram for explaining a process for generating work keys in the encryption/decryption system 116; [0067]
  • FIG. 11 is a diagram for explaining a process performed by the encryption block 104; [0068]
  • FIG. 12 is a block diagram showing an example of a structure of a work key generation block 102 or 107; [0069]
  • FIG. 13 is a block diagram showing a schematic structure of an encryption/decryption system according to a third embodiment of the present invention; and [0070]
  • FIG. 14 is a diagram showing formats of a transport packet before and after being encrypted by the encryption/decryption system 116 shown in FIG. 13. [0071]
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • An encryption/decryption system according to a first embodiment of the present invention will now be explained with reference to the drawings. [0072]
  • (First Embodiment) [0073]
  • An encryption/decryption system 116 according to the first embodiment of the present invention comprises a header extraction block 101, a work key (encryption key) generation block 102, a master key storage unit 103, an encryption block 104, a header extraction block 106, a work key (decryption key) generation block 107, and a decryption block 108, as shown in FIG. 1. [0074]
  • Digital data to be processed is input to the encryption/decryption system 116 from another processing system through a data path (data stream) 109. Digital data processed by the encryption/decryption system 116 is output to another processing system through a data path 112. [0075]
  • A data storage unit 105 is connected to the encryption/decryption system 116. The data storage unit 105 is constituted by a hard disk, a memory, or the like, and receives encrypted digital data processed by the encryption/decryption system 116 through a data path 110, and stores the received encrypted digital data. [0076]
  • Digital data stored in the data storage unit 105 is read out from it and supplied to the encryption/decryption system 116 through a data path 111. [0077]
  • The header extraction block 101 of the encryption/decryption system 116 extracts headers (or header information) from the digital data to be processed which is input through the data path 109. The header extraction block 101 outputs the extracted headers to the work key generation block 102 through a header data path 115. [0078]
  • The master key storage unit 103 is constituted by a flash ROM or the like. The master key is unique to each encryption/decryption system 116. The master key storage unit 103 stores master key information necessary for encryption and decryption. The master key storage unit 103 outputs master key information to the work key generation blocks 102 and 107 through master key paths 113. [0079]
  • The work key generation block 102 receives headers (or header information, header data) from the header extraction block 101 through the header data path 115. Further, the work key generation block 102 receives the master key information from the master key storage unit 103 through the master key path 113. The work key generation block 102 generates a work key necessary for encrypting the input digital data, using the headers extracted by the header extraction block 101 and the master key information output from the master key storage unit 103. The work key generation block 102 outputs the generated work key to the encryption block 104 through a work key path 114. [0080]
  • The encryption block 104 receives digital data to be processed from another processing system through the data path 109, and receives the work key from the work key generation block 102 through the work key path 114. The encryption block 104 encrypts payloads of the digital data to be processed using the work key, and outputs the encrypted digital data to the data storage unit 105 through the data path 110. [0081]
  • The header extraction block 106 receives the encrypted data output from the data storage unit 105 through the data path 111, and extracts headers from the encrypted data. The header extraction block 106 outputs the extracted headers to the work key generation block 107. [0082]
  • The work key generation block 107 receives the headers of the encrypted data through a header data path 117, and receives a master key from the master key storage unit 103 through the master key paths 113. The work key generation block 107 generates work keys necessary for decryption by using the headers of the encrypted data and the master key. The work key generation block 107 outputs the generated work keys to the decryption block 108 through a work key path 118. [0083]
  • The decryption block 108 receives the work key from the work key generation block 107 through the work key path 118, and receives the encrypted data from the data storage unit 105 through the data path 111. The decryption block 108 decrypts the received encrypted data using the work key, and outputs the decrypted digital data to another processing system through the data path 112. FIG. 2 is a diagram for explaining the format of the digital data 21 to be processed by the encryption/decryption system 116 and that of the encrypted digital data 24 processed by the encryption/decryption system 116. [0084]
  • As shown in FIG. 2, digital data 21 to be input to the encryption/decryption system 116 in the form of a data stream through the data path 109 has a structure in which data (data blocks) D1, D2, D3, . . . are supplied in this order. The data D1, D2, D3, . . . respectively include a pair of a header HD1 and a payload (data body) PD1, a pair of a header HD2 and a payload (data body) PD2, a pair of a header HD3 and a payload (data body) PD3, . . . . [0085]
  • The digital data 21 is encrypted by the encryption block 104 and converted into encrypted digital data 24 having a format shown in FIG. 2. As shown in FIG. 2, the encrypted digital data 24 has a structure in which encrypted data ED1, ED2, ED3, . . . are output in this order. The encrypted data ED1, ED2, ED3, . . . respectively include a pair of an unencrypted header HD1 and an encrypted payload EPD1, a pair of an unencrypted header HD2 and an encrypted payload EPD2, a pair of an unencrypted header HD3 and an encrypted payload EPD3, as shown in FIG. 2. [0086]
  • Data stored in the data storage unit 105 and data output from the data storage unit 105 through the data path 111 both have the same structure as the encrypted digital data 24. [0087]
  • Further, digital data decrypted by the decryption block 108 and output from the encryption/decryption system 116 through the data path 112 has the same structure as the digital data 21. [0088]
  • FIG. 3 is a diagram for explaining procedures for generating the work keys for encryption. [0089]
  • When the stream of the digital data 21 shown in FIG. 3 is supplied through the data path 109 to the encryption/decryption system 116, the header extraction block 101 performs a header extraction process 31 to extract the headers HD1, HD2, HD3, . . . included in the data D1, D2, D3, . . . contained in the digital data 21. The header extraction block 101 outputs the extracted headers HD1, HD2, HD3, . . . to the work key generation block 102. [0090]
  • The work key generation block 102 performs a work key generation process 32 shown in FIG. 3 to generate work keys WK1, WK2, WK3, . . . in accordance with a work key generation algorithm 33 using a master key and each of the headers HD1, HD2, HD3, . . . . The work key generation algorithm 33 is arbitrary. For example, the data of the headers may be converted into data having the same bit number as that of the master key by using an arbitrary function (for example, a hash function), and the exclusive or of the converted headers and the master key may be obtained. Further, the headers may not be fully used, but may be partially used. [0091]
  • FIG. 4 is a diagram for explaining a process performed by the encryption block 104. As shown in FIG. 4, the encryption block 104 performs an encryption process 41, but simply outputs the headers HD1, HD2, HD3, . . . of the data D1, D2, D3, . . . included in the digital data 21 without encrypting them. On the other hand, the encryption block 104 encrypts the payloads PD1, PD2, PD3, . . . in accordance with an encryption algorithm 42 of the encryption block 104, using the work keys WK1, WK2, WK3, . . . generated for the data D1, D2, D3, . . . respectively, and outputs the encrypted payloads EPD1, EPD2, EPD3, . . . . The headers HD1, HD2, HD3, . . . and the encrypted payloads EPD1, EPD2, EPD3, . . . constitute encrypted data ED1, ED2, ED3, . . . , respectively. [0092]
  • FIG. 5 is a diagram for explaining processes performed by the header extraction block 106 and the work key generation block 107. As shown in FIG. 5, the encrypted digital data 24 is supplied from the data storage unit 105 in the form of the data stream to the encryption/decryption system 116. The header extraction block 106 performs a header extraction process 53 to extract the headers HD1, HD2, HD3, . . . of the encrypted data ED1, ED2, ED3, . . . included in the encrypted digital data 24, and outputs the extracted headers to the work key generation block 107. [0093]
  • The work key generation block 107 performs a work key generation process 54 to generate work keys WK1, WK2, WK3, . . . in accordance with a work key generation algorithm 55 by using a master key and the headers HD1, HD2, HD3, . . . . The work key generation algorithm 55 is the same as the work key generation algorithm 33. [0094]
  • FIG. 6 is a diagram for explaining a process performed by the decryption block 108. As shown in FIG. 6, the decryption block 108 performs a decryption process 61, but simply outputs the headers HD1, HD2, HD3, . . . of the encrypted data ED1, ED2, ED3, . . . included in the encrypted digital data 24. On the other hand, the decryption block 108 decrypts the encrypted payloads EPD1, EPD2, EPD3, . . . using the work keys WK1, WK2, WK3, . . . in accordance with a decryption algorithm 62. Thereby, the decryption block 108 restores the payloads PD1, PD2, PD3, . . . , and outputs them. As a result, the original digital data 21 is restored. [0095]
  • FIG. 7 is a diagram for explaining a process for generating work keys for decryption, in a case where the encrypted digital data 24 is falsified. [0096]
  • Here, digital data 71, which is the encrypted digital data 24 whose headers HD1, HD2, HD3 . . . are falsified, will be considered. [0097]
  • The header extraction block 106 performs the header extraction process 53, and thereby extracts falsified headers FHD1, FHD2, FHD3, . . . . [0098]
  • The work key generation block 107 performs the work key generation process 54 using a master key and the falsified headers FHD1, FHD2, FHD3, . . . in accordance with the work key generation algorithm 55, and thereby generates work keys FWK1, FWK2, FWK3, . . . . [0099]
  • Next, an encryption operation and a decryption operation of the encryption/decryption system 116 shown in FIG. 1 will be explained with reference to FIG. 2 to FIG. 7. [0100]
  • The digital data 21 having the structure shown in FIG. 2 is input, in the form of the data stream, to the encryption/decryption system 116 shown in FIG. 1 through the data path 109. [0101]
  • The header extraction block 101 performs header extraction process 31 to extract the headers HD1, HD2, HD3, . . . included in the data D1, D2, D3, . . . of the input digital data 21 as shown in FIG. 3, and outputs the extracted headers to the work key generation block 102 through the header data path 115. The work key generation block 102 performs the work key generation process 32 to generate work keys WK1, WK2, WK3, . . . necessary for encrypting the payloads PD1, PD2, PD3, . . . included in the data D1, D2, D3, . . . . That is, the work key generation block 102 generates the work keys WK1, WK2, WK3, . . . by processing a master key and the headers HD1, HD2, HD3, . . . included in the data D1, D2, D3, . . . in accordance with the work key generation algorithm 33. The work keys WK1, WK2, WK3, . . . generated in this manner are sequentially output to the encryption block 104 through the work key path 114. [0102]
  • The encryption block 104 performs the encryption process 41 shown in FIG. 4 to simply output the headers HD1, HD2, HD3, . . . included in the sequentially supplied data D1, D2, D3, . . . , and to encrypt the payloads PD1, PD2, PD3, . . . using the work keys WK1, WK2, WK3, . . . to generate and output encrypted payloads EPD1, EPD2, EPD3, . . . . As a result, the encrypted digital data 24 including encrypted data ED1 made up of the unchanged header HD1 and the encrypted payload EPD1, encrypted data ED2 made up of the unchanged header HD2 and the encrypted payload EPD2, encrypted data ED3 made up of the unchanged header HD3 and the encrypted payload EPD3, . . . is generated. [0103]
  • The encrypted digital data 24 which is encrypted by the encryption process 41 performed by the encryption block 104 is output to the data storage unit 105 through the data path 110. The data storage unit 105 stores the supplied encrypted digital data 24. [0104]
  • As described above, encryption of the digital data 21 is performed by generating the work keys WK1, WK2, WK3, . . . using the headers HD1, HD2, HD3, . . . of the data D1, D2, D3, . . . . [0105]
  • Next, an operation for decrypting and outputting data stored in the data storage unit 105 will be explained. [0106]
  • Let it be assumed that the encrypted digital data 24 shown in FIG. 2 is supplied from the data storage unit 105 to the encryption/decryption system 116. [0107]
  • The header extraction block 106 performs the header extraction process 53 shown in FIG. 5 to sequentially extract the headers HD1, HD2, HD3, . . . of the encrypted data ED1, ED2, ED3, . . . , and outputs the extracted headers to the work key generation block 107. [0108]
  • The work key generation block 107 performs the work key generation process 54 to sequentially generate work keys WK1, WK2, WK3, . . . , using the headers HD1, HD2, HD3, . . . and a master key in accordance with the work key generation algorithm 55. The generated work keys WK1, WK2, WK3, . . . are sequentially output to the decryption block 108 through the work key path 118. [0109]
  • The work key generation algorithm 55 is the same as the work key generation algorithm 33 used in encryption, and the headers HD1, HD2, HD3, . . . and the master key are identical with those used in encryption. Accordingly, the generated work keys WK1, WK2, WK3, . . . have the same values as the work keys WK1, WK2, WK3, . . . used in encryption. [0110]
  • The decryption block 108 performs the decryption process 61 shown in FIG. 6 to simply output the header HD1 of the encrypted data ED1, and decrypt the encrypted payload EPD1 using the work key WK1 and output the decrypted payload. Next, the decryption block 108 simply outputs the header HD2 of the encrypted data ED2, and decrypts the encrypted payload EPD2 using the work key WK2 and outputs the decrypted payload. The decryption block 108 repeats the same operation for the following data. [0111]
  • The work keys WK1, WK2, WK3, . . . used for decrypting the encrypted data ED1, ED2, ED3, . . . are the same as the work keys WK1, WK2, WK3 used for encryption. Therefore, the encrypted data ED1, ED2, ED3, . . . can be properly decrypted and the original data D1, D2, D3, . . . can be obtained. The data D1, D2, D3, . . . decrypted by the decryption block 108 are output to another processing system through the data path 112. [0112]
  • Next, an operation of the encryption/decryption system 116 in a case where the headers of the encrypted digital data 24 are falsified will be explained. [0113]
  • Here, let it be assumed that digital data 71 shown in FIG. 7, which is the encrypted digital data 24 whose headers are falsified, is output from the data storage unit 105. This falsified digital data 71 is supplied to the header extraction block 106. [0114]
  • The header extraction block 106 performs the header extraction process 53 to extract the falsified headers FHD1, FHD2, FHD3, . . . of the falsified encrypted data FED1, FED2, FED3, . . . , and outputs the extracted headers to the work key generation block 107. [0115]
  • The work key generation block 107 performs the work key generation process 54 to process a master key supplied from the master key storage unit 103 and the falsified headers FHD1, FHD2, FHD3, . . . supplied from the header extraction block 106 in accordance with the work key generation algorithm 55, thereby generating work keys FWK1, FWK2, FWK3, . . . . The generated work keys FWK1, FWK2, FWK3, . . . take different values from those of the work keys WK1, WK2, WK3, . . . used at the time of encryption, since the falsified headers FHD1, FHD2, FHD3, . . . are different from the headers HD1, HD2, HD3, . . . used at the time of encryption. The work key generation block 107 supplies the generated work keys FWK1, FWK2, FWK3, . . . to the decryption block 108. [0116]
  • The decryption block 108 decrypts the encrypted payloads EPD1, EPD2, EPD3, . . . using the supplied work keys FWK1, FWK2, FWK3, . . . . However, since the generated work keys FWK1, FWK2, FWK3, . . . are different from the work keys WK1, WK2, WK3, . . . used at the time of encryption, the payloads PD1, PD2, PD3 cannot be properly restored. [0117]
  • As described above, the encryption/decryption system 116 according to the present embodiment uses not only a master key, but also headers in order to generate work keys. This means that the respective payloads will be encrypted using work keys different from one another. Therefore, even if a plurality of payloads are encrypted using the same encryption algorithm and the same master key, the work keys used for encrypting the payloads differ payload by payload. That is, the encryption scheme differs data by data. [0118]
  • In a case where data are encrypted by a single master key, there is a possibility that the encryption algorithm will be deciphered by analyzing a mass of data. However, with the encryption/decryption system 116 according to the present embodiment, since a work key is prepared for each data, the encryption algorithm is not easy to reveal. [0119]
  • Further, in a case where the header of the digital data after being encrypted is falsified, the payloads can not be decrypted since it is impossible to generate work keys identical with the work keys used in encryption. Therefore, if digital data is falsified, this digital data can no longer be used. [0120]
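The first embodiment end to end, as an added Python example that is not part of the patent text: per-block work keys are derived as the exclusive or of the master key and a hashed header, payloads are encrypted while headers pass through, and a falsified header is shown to change only the affected block's work key. The key size, the SHA-256 choice, the stand-in payload cipher, the sample data and the HMAC comparison function are assumptions of this example; the last helper shows that, under the exclusive-or construction, one work key together with its stored header gives back the master key, which a keyed derivation such as HMAC avoids.

```python
import hashlib
import hmac

KEY_LEN = 16  # assumed key size in bytes; the page does not fix one

# Constructed sample data (not from the page).
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
STREAM = [
    (b"HD1", b"payload of data block D1"),
    (b"HD2", b"payload of data block D2"),
    (b"HD3", b"payload of data block D3"),
]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hashed_header(header: bytes) -> bytes:
    """Convert a header to the master key's length with a hash function."""
    return hashlib.sha256(header).digest()[:KEY_LEN]


def work_key_xor(master_key: bytes, header: bytes) -> bytes:
    """Work key as in the page's example: master key XOR converted header."""
    return xor_bytes(master_key, hashed_header(header))


def work_key_hmac(master_key: bytes, header: bytes) -> bytes:
    """Comparison only, not in the page: keyed derivation with HMAC-SHA256."""
    return hmac.new(master_key, header, hashlib.sha256).digest()[:KEY_LEN]


def payload_cipher(work_key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified algorithms 42 and 62.

    XORs the data with a SHA-256 counter keystream, so the same call
    encrypts and decrypts. Illustration only, not a vetted cipher.
    """
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(work_key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)


def process_stream(master_key, blocks, derive=work_key_xor):
    """Pass each header through unchanged and transform its payload
    with the work key derived from that header."""
    return [(hd, payload_cipher(derive(master_key, hd), body))
            for hd, body in blocks]


def falsify_first_header(blocks, new_header=b"FHD1"):
    """Model FIG. 7: the stored header of the first block is altered."""
    return [(new_header, blocks[0][1])] + list(blocks[1:])


def master_key_from_work_key(work_key: bytes, header: bytes) -> bytes:
    """XOR construction only: work key XOR converted header is the master
    key, and the header is stored unencrypted next to the payload."""
    return xor_bytes(work_key, hashed_header(header))


if __name__ == "__main__":
    encrypted = process_stream(MASTER_KEY, STREAM)
    print("round trip ok:", process_stream(MASTER_KEY, encrypted) == STREAM)
    tampered = process_stream(MASTER_KEY, falsify_first_header(encrypted))
    print("block 1 after header change:", tampered[0][1])
    print("blocks 2 and 3 unaffected:", tampered[1:] == STREAM[1:])
    wk1 = work_key_xor(MASTER_KEY, b"HD1")
    print("XOR work key unmasks master key:",
          master_key_from_work_key(wk1, b"HD1") == MASTER_KEY)
```

Decryption with a falsified header returns bytes rather than an error, so a receiver that needs to detect tampering has to check the output separately; the scheme as described only guarantees that the payload is not restored.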
  • Next, an embodiment where the encryption/decryption system of the present invention is applied to an encryption/decryption process for an MPEG (Moving Picture Experts Group) 2 transport stream will be explained. [0121]
  • FIG. 8 is a block diagram showing the structure of an encryption/decryption system 116A according to a second embodiment. [0122]
  • The basic structure of the encryption/decryption system 116A according to the present embodiment is the same as the encryption/decryption system 116 shown in FIG. 1. However, the encryption/decryption system 116A has the following features different from the system shown in FIG. 1, in order to record and reproduce an MPEG2 transport stream (TS). [0123]
  • First, the encryption/decryption system 116A comprises a key conversion block 201 and a PID filter 202. Further, the encryption/decryption system 116A comprises TS header extraction blocks 101A and 106A instead of the header extraction blocks 101 and 106. [0124]
  • The key conversion block 201 is connected between the master key storage unit 103 and the work key generation blocks 102 and 107. The key conversion block 201 converts a master key output from the master key storage unit 103 into another key using a secret algorithm in order to enhance security. [0125]
  • The PID filter 202 extracts transport packets of a specific program having a specific PID (Packet IDentifier) from an input transport stream, and outputs the extracted transport packets to the TS header extraction block 101A and the encryption block 104 through the data path 109 as a transport stream of the specific program. [0126]
  • The TS (Transport Stream) header extraction block 101A extracts headers from the transport stream of the specific program, and outputs the extracted headers to the work key generation block 102 through the header data path 115. [0127]
  • The TS header extraction block 106A extracts the headers of the encrypted transport stream of the specific program, which is received through the data path 111. The extracted headers are output to the work key generation block 107 through the header data path 117. [0128]
  • Next, a general operation of the encryption/decryption system 116A having the above-described structure will be explained. [0129]
  • A master key output from the master key storage unit 103 is converted by the key conversion block 201 to a converted master key and output to the work key generation block 102 and the work key generation block 107 through the master key paths 113. [0130]
  • The transport stream TS is input to this encryption/decryption system 116A from an external apparatus. The PID filter 202 extracts transport packets of a specific program having a specific PID from the input transport stream, and outputs the extracted transport packets to the TS header extraction block 101A and the encryption block 104 through the data path 109 as a transport stream of the specific program. [0131]
  • The header extraction block 101A extracts headers from the transport stream TS of the specific program, and outputs the headers to the work key generation block 102 through the header data path 115. [0132]
  • The work key generation block 102 generates work keys using the converted master key received through the master key path 113 and the headers received through the header data path 115, and outputs the generated work keys to the encryption block 104 through the work key path 114. [0133]
  • The encryption block 104 uses the work keys received through the work key path 114 as encryption keys, and encrypts the transport stream of the specific program received through the data path 109. [0134]
  • The encrypted transport stream of the specific program is output through the data path 110 to a hard disk (HDD) 105A as the data storage unit 105, to be stored and accumulated therein. [0135]
  • The encrypted transport stream of the specific program, which is stored in the hard disk 105A, is output through the data path 111 to the TS (transport stream) header extraction block 106A and to the decryption block 108. [0136]
  • The TS header extraction block 106A extracts the headers from the encrypted transport stream of the specific program, which is output through the data path 111. The extracted headers are output to the work key generation block 107 through the header data path 117. [0137]
  • The work key generation block 107 generates work keys using the master key received through the master key path 113, and the headers received through the header data path 117, and outputs the work keys to the decryption block 108 through the work key path 118. [0138]
  • The decryption block 108 decrypts the encrypted transport stream of the specific program using the work keys received through the work key path 118, and outputs the decrypted transport stream to another processing system through the data path 112. [0139]
  • FIG. 9 is a diagram schematically showing the format of the MPEG2 transport stream to be processed by the encryption/decryption system 116A shown in FIG. 8. [0140]
  • As shown in FIG. 9, a transport stream 391 includes a transport packet TS1, a transport packet TS2, a transport packet TS3, . . . . [0141]
  • Each transport packet TSi (“i” is a suffix) includes three kinds of headers and a payload (data body) PD. The three kinds of headers include 47 headers 395, a PID 396 including information regarding a program number, and a CC 397 including a Cyclic Counter value which is changed in accordance with a packet order so as to confirm the continuation of packets having the same PID information. The CC 397 of the transport packet TS1 and the CC 397 of the transport packet TS2 include different values from each other, for example. [0142]
  • An encrypted transport stream 394 includes an encrypted transport packet ETS1, an encrypted transport packet ETS2, an encrypted transport packet ETS3, . . . . [0143]
  • Each encrypted transport packet includes three kinds of headers and an encrypted payload EPD. The three kinds of headers are 47 headers 395, a PID 396 including information regarding a program number, and a CC 397 including a Cyclic Counter value which is changed in accordance with a packet order to confirm the continuation of packets having the same PID information. [0144]
  • FIG. 10 is a diagram for explaining a process in which work keys are generated in the encryption/decryption system 116A. [0145]
  • As shown in FIG. 10, the TS header extraction block 101A performs a TS header extraction process 401, and extracts the headers PID 396 and CC 397 of the transport packet TS1, extracts the headers PID 396 and CC 397 of the transport packet TS2, and repeats the same operation for the following packets. Here, in a case where the PID 396 of the transport packet TS1 and the PID 396 of the transport packet TS2 are the same, the value of the CC 397 of the transport packet TS1 and the value of the CC 397 of the transport packet TS2 necessarily take different values. [0146]
  • The work key generation block 102 performs a work key generation process 402, and generates work keys by applying a work key generation algorithm 403 to the value of the extracted PID 396 and the value of the extracted CC 397. That is, the work key generation block 102 generates a work key WK1 based on the PID 396 and the CC 397 of the transport packet TS1, generates a work key WK2 based on the PID 396 and the CC 397 of the transport packet TS2, and repeats the same operation for the following packets. As described above, since the CC 397 of the transport packet TS1 and the CC 397 of the transport packet TS2 are different, the work key WK1 and the work key WK2 result in having different values. [0147]
  • FIG. 11 is a diagram for explaining the process performed by the encryption block 104. [0148]
  • The encryption block 104 performs an encryption process 411, and simply outputs the headers (47 headers 395, PID 396, CC 397) of each of the transport packets TS1, TS2, TS3, . . . as they are. [0149]
  • On the other hand, the encryption block 104 encrypts the payload PD1 of the transport packet TS1 in accordance with an encryption algorithm 412 using the work key WK1, and outputs the encrypted payload EPD1. Further, the encryption block 104 encrypts the payload PD2 of the transport packet TS2 in accordance with the encryption algorithm 412 using the work key WK2, and outputs the encrypted payload EPD2. The encryption block 104 repeats the same operation for the following payloads. Thereby, an encrypted transport packet ETS1 including the header and the encrypted payload EPD1, an encrypted transport packet ETS2 including the header and the encrypted payload EPD2, . . . are obtained. [0150]
  • Next, the processes performed by the encryption/decryption system 116A will be explained. [0151]
  • A transport stream TS is input to the encryption/decryption system 116 through the input port 210. Among transport packets included in the input transport stream TS, transport packets having a specific PID are extracted by the PID filter 202, and are passed to the data path 109. [0152]
  • As explained above with reference to FIG. 10, the TS header extraction block 101A performs the TS header extraction process 401 to extract the PID 396 and CC 397 of the transport packet TS1 passed through the data path 109, extract the PID 396 and CC 397 of the transport packet TS2, and extract the PID 396 and CC 397 of each of the following transport packets in the same way. As described above, in a case where the transport packet TS1 and the transport packet TS2 have the same PID, the value of the CC 397 of the transport packet TS1 and the value of the CC 397 of the transport packet TS2 inevitably take different values. [0153]
  • The work key generation block 102 performs the work key generation process 402 to generate work keys using the values of the extracted PID 396 and CC 397 in accordance with the work key generation algorithm 403, and outputs the generated work keys to the encryption block 104 through the work key path 114. Since the CC 397 of the transport packet TS1 and the CC 397 of the transport packet TS2 take different values, the work key WK1 for the transport packet TS1 and the work key WK2 for the transport packet TS2 take different values even if the same algorithm and the same converted master key are used in the work key generation process 402. [0154]
  • The transport packets TS1, TS2, . . . are input to the encryption block 104 in this order. The encryption block 104 performs an encryption process 411 to simply output the headers (47 headers 395, PID 396, CC 397) of the transport packet TS1, and then encrypts the payload PD1 using the work key WK1 to generate an encrypted payload EPD1, and outputs the generated encrypted payload EPD1. Likewise, the encryption block 104 simply outputs the headers of the transport packet TS2, and then encrypts the payload PD2 using the work key WK2 and outputs the encrypted payload EPD2. The same process is repeated for the transport packet TS3, and transport packets thereafter. [0155]
  • The encrypted transport stream which is generated by the encryption process 411 of the encryption block 104 is output through the data path 110 to the hard disk 105A and stored therein. [0156]
  • By generating work keys based on the PIDs 396 and CCs 397 of the respective transport packets as described above, it is possible to sufficiently secure the variation of the work keys. [0157]
  • In a case where only the PID 396 is used for generating work keys, only one key is prepared for a specific program. Further, in a case where work keys are generated using only the CC 397, the variation of work keys is narrowed. This is because, since the CC 397 is a value changed by the cyclic counter, the digital data to be encrypted by the encryption/decryption system 116 is encrypted using work keys which are changed cyclically. [0158]
  • Accordingly, by generating work keys using the headers PID 396 and CC 397, it is possible to sufficiently broaden the variation of the work keys. [0159]
  • [0160] The work key generation block 102 and the work key generation block 107 shown in FIG. 1 and FIG. 8 are constituted by, for example, an exclusive or circuit 501 as shown in FIG. 12.
  • [0161] In a case where the work key generation block 102 shown in FIG. 1 is constituted by the exclusive or circuit 501, the exclusive or circuit 501 generates work keys for encryption by obtaining the exclusive or of the master key supplied from the master key storage unit 103 through the master key path 113 and data which is generated from the headers supplied from the header extraction block 101 by using, for example, a one-way function, and outputs the generated work keys to the work key path 114.
  • [0162] Likewise, in a case where the work key generation block 107 shown in FIG. 1 is constituted by the exclusive or circuit 501, the exclusive or circuit 501 generates work keys for decryption by obtaining the exclusive or of the master key supplied from the master key storage unit 103 and data generated from the headers supplied from the header extraction block 106 by using the one-way function, and outputs the generated work keys through the work key path 118.
  • [0163] Further, in a case where the work key generation block 102 shown in FIG. 8 is constituted by the exclusive or circuit 501, the exclusive or circuit 501 generates work keys by obtaining the exclusive or of a converted master key supplied from the key conversion block 201 and data generated from the headers supplied from the TS header extraction block 101A, and outputs the generated work keys through the work key path.
  • [0164] Likewise, in a case where the work key generation block 107 shown in FIG. 8 is constituted by the exclusive or circuit 501, the exclusive or circuit 501 generates work keys for decryption by obtaining the exclusive or of a converted master key supplied from the key conversion block 201 and data generated from the headers supplied from the TS header extraction block 106A.
  • [0165] FIG. 13 is a block diagram showing a schematic structure of a third embodiment of the encryption/decryption system according to the present invention.
  • [0166] The encryption/decryption system 116B according to the present embodiment is a modified example of the encryption/decryption system 116A shown in FIG. 8. As compared to FIG. 8, the different point is that a mode control block 203 is added between the encryption block 104 and the decryption block 108. The mode control block 203 designates an encryption range (encryption area) and a decryption range (decryption area) for the encryption block 104 and the decryption block 108 respectively, and notifies the determinations to the encryption block 104 and the decryption block 108 respectively through a mode control signal 211.
  • [0167] The mode control block 203 has two encryption modes, namely, a mode A and a mode B. As shown in FIG. 14, the mode A is for generating an encrypted payload 542 by encrypting the AF (Adaptation Field) and the payload of an original transport packet 541, and the mode B is for generating an encrypted payload 643 by encrypting the payload of the original transport packet 541.
  • [0168] Next, with reference to FIG. 14, an operation of the mode control block 203 will be explained.
  • [0169] In a case where the mode A is selected for encrypting the transport packet 541, encryption is performed by regarding the payload and AF of the transport packet 541 as the range (data body) that should be encrypted. The AF of the transport packet 541 is an adaptation field prepared by expanding the header, and includes time information.
  • [0170] Next, in a case where the mode B is selected, encryption is performed by regarding the payload of the transport packet 541 as the range (data body) that should be encrypted, whereby an encrypted transport packet 543 is generated.
  • [0171] In this manner, it is possible to select the mode A when the AF information is to be encrypted, and to select the mode B when the AF information is not to be encrypted. Therefore, the range that should be encrypted can be arbitrarily controlled. The way to select a mode is arbitrary. For example, the mode control block 203 may select a mode in accordance with an externally supplied signal. Or, the mode control block 203 may select a mode in accordance with a PID of packets to be encrypted or decrypted flowing on the path 210 or 111.
  • [0172] The above explanation concerns an integral encryption/decryption system. However, the present invention is not limited to this, but can be applied to a single body of encryption system and a single body of decryption system.
  • [0173] In the explanation of FIG. 14, the modes A and B are for changing the ranges of encryption and decryption. However, the modes A and B may also be for changing the ranges used for generating work keys. For example, in case of the mode A, the PID 396 and CC 397 in the headers are used for generating encryption work keys. In case of the mode B, the PID 396, CC 397, and AF in the headers are used for generating encryption work keys. In this case, the ranges used for generating work keys may be changed in accordance with the modes A and B, unlike the above explanation of FIG. 14 where the ranges for encryption and decryption are changed. For example, in case of the mode A, the PID 396 and CC 397 in the headers are used for generating encryption work keys. In case of the mode B, the PID 396, CC 397 and AF in the headers are used for generating encryption work keys. In this case, mode control information is supplied to the TS header extraction blocks 101A and 106A and to the work key generation blocks 102 and 107.
  • [0174] The present invention is not limited to the above described embodiment, but can be modified and applied in various ways. For example, the present invention can be applied to a system which does not store encrypted data in the data storage unit 105, but transmits the encrypted data.
  • [0175] The above-described encryption/decryption processes may be executed by a computer, a CPU (central processing unit), and a DSP (digital signal processor). For this purpose, a program or program signal for controlling a computer, a CPU, and a DSP may be distributed by storing it on a recording medium such as a CD-ROM, DVD, etc., or may be transmitted through a network in the form of a data signal by embodying it in a carrier wave.
  • [0176] Various embodiments and changes may be made thereunto without departing from the broad spirit and scope of the invention. The above-described embodiments are intended to illustrate the present invention, not to limit the scope of the present invention. The scope of the present invention is shown by the attached claims rather than the embodiments. Various modifications made within the meaning of an equivalent of the claims of the invention and within the claims are to be regarded to be in the scope of the present invention.
  • [0177] This application is based on Japanese Patent Application No. 2002-134170 filed on May 9, 2002 and including specification, claims, drawings and summary. The disclosure of the above Japanese Patent Application is incorporated herein by reference in its entirety.
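The per-packet work key generation of paragraphs [0153] to [0164] and the mode A / mode B ranges of [0167] to [0171], as an added Python example that is not part of the patent text. Assumptions: SHA-256 as the one-way function, a SHA-256 counter keystream standing in for the encryption block 104, a 16-byte key, and a constructed master key and packet stream; all function names are hypothetical.

```python
import hashlib

TS_SIZE = 188   # MPEG-2 transport packet size in bytes
KEY_LEN = 16    # assumed master key / work key length

def parse_header(pkt):
    """Extract PID (13 bits) and CC (4-bit continuity counter) from the TS header."""
    if len(pkt) != TS_SIZE or pkt[0] != 0x47:
        raise ValueError("not a 188-byte transport packet")
    return ((pkt[1] & 0x1F) << 8) | pkt[2], pkt[3] & 0x0F

def body_start(pkt, mode):
    """Offset of the encrypted range: mode A = AF + payload, mode B = payload only."""
    if mode not in ("A", "B"):
        raise ValueError("mode must be 'A' or 'B'")
    has_af = (pkt[3] >> 4) & 0x2          # adaptation_field_control, high bit
    if mode == "A" or not has_af:
        return 4
    start = 5 + pkt[4]                    # length byte + AF stay in the clear
    if start > TS_SIZE:
        raise ValueError("adaptation field overruns the packet")
    return start

def work_key(master, pid=None, cc=None):
    """Work key = master key XOR one-way function of the selected header fields."""
    if len(master) != KEY_LEN:
        raise ValueError("master key must be KEY_LEN bytes")
    fields = b""
    if pid is not None:
        fields += b"P" + pid.to_bytes(2, "big")
    if cc is not None:
        fields += b"C" + bytes([cc])
    digest = hashlib.sha256(fields).digest()[:KEY_LEN]   # assumed one-way function
    return bytes(m ^ d for m, d in zip(master, digest))

def stand_in_cipher(key, data):
    """SHA-256 counter keystream XOR: a stand-in for block 104, not a vetted cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + (off // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def process_packet(master, pkt, mode):
    """Encrypt or decrypt one packet (the stand-in cipher is its own inverse)."""
    pid, cc = parse_header(pkt)           # header is output as-is, so both sides read it
    start = body_start(pkt, mode)
    return pkt[:start] + stand_in_cipher(work_key(master, pid, cc), pkt[start:])

def key_variation(master, packets):
    """Count distinct work keys when keyed on PID only, CC only, and PID + CC."""
    seen = {"pid": set(), "cc": set(), "pid+cc": set()}
    for pkt in packets:
        pid, cc = parse_header(pkt)
        seen["pid"].add(work_key(master, pid=pid))
        seen["cc"].add(work_key(master, cc=cc))
        seen["pid+cc"].add(work_key(master, pid, cc))
    return {name: len(keys) for name, keys in seen.items()}

def make_packet(pid, cc, af=b"", fill=0xAA):
    """Build a constructed sample packet, optionally with an adaptation field."""
    afc = 0x3 if af else 0x1
    hdr = bytes([0x47, (pid >> 8) & 0x1F, pid & 0xFF, (afc << 4) | cc])
    body = bytes([len(af)]) + af if af else b""
    return hdr + body + bytes([fill]) * (TS_SIZE - 4 - len(body))

# Constructed inputs: a sample master key and 40 packets on each of two PIDs,
# with an 8-byte adaptation field on every eighth packet.
MASTER = bytes(range(KEY_LEN))
STREAM = [make_packet(pid, i % 16, af=b"\x10" + bytes(7) if i % 8 == 0 else b"")
          for i in range(40) for pid in (0x100, 0x101)]

if __name__ == "__main__":
    print(key_variation(MASTER, STREAM))
    enc = process_packet(MASTER, STREAM[0], "B")
    print("round trip ok:", process_packet(MASTER, enc, "B") == STREAM[0])
```

`key_variation(MASTER, STREAM)` yields 2, 16 and 32 distinct keys for PID only, CC only and PID plus CC: because the CC field is 4 bits wide, each PID cycles through 16 work keys.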

Claims (34)

What is claimed is:
1. An encryption/decryption system for encrypting/decrypting digital data including header information and a data body, said system comprising:
an encryption work key generation unit which generates an encryption work key based on the header information of the digital data;
an encryption unit which, as to the digital data, encrypts the data body, using the encryption work key, and outputs the digital data;
a decryption work key generation unit which generates a decryption work key based on the header information of the digital data encrypted by said encryption unit; and
a decryption unit which, as to the digital data encrypted by said encryption unit, decrypts the encrypted data body using the decryption work key, in order to reproduce the digital data including the decrypted data body and the corresponding header information.
2. The encryption/decryption system according to claim 1,
wherein the digital data is data made up of a series of a plurality of data blocks each including header information and a data body, and the header information is unique to each data block,
said encryption work key generation unit generates an encryption work key for each data block based on the header information of the data block;
said encryption unit encrypts the data body of each data block, using the encryption work key generated for the data block;
said decryption work key generation unit generates the decryption work key for each data block based on the header information of the encrypted data block; and
said decryption unit decrypts the encrypted data body of each data block using the decryption work key for the data block.
3. The encryption/decryption system according to claim 1, wherein:
said encryption work key generation unit generates the encryption work key using all or a part of the header information extracted from the digital data and a master key; and
said decryption work key generation unit generates the decryption work key using all or the part of the header information extracted from the encrypted digital data and the master key.
4. The encryption/decryption system according to claim 3,
wherein the master key is unique to each said encryption/decryption system.
5. The encryption/decryption system according to claim 3,
wherein said encryption work key generation unit and said decryption work key generation unit respectively generate the work keys by obtaining an exclusive or of the master key and the header information.
6. The encryption/decryption system according to claim 1, wherein:
the digital data is data made up of a series of data blocks each including header information and a data body;
said system further comprises a filter which receives the digital data, extracts data blocks of a specific program based on the header information, and outputs the extracted data blocks;
said encryption work key generation unit extracts the header information of the data block extracted by said filter, and generates the encryption work key based on the extracted header information; and
said encryption block encrypts the data block extracted by said filter.
7. The encryption/decryption system according to claim 1, wherein:
said digital data is data based on MPEG and made up of a series of transport packets each including header information and a payload;
said system further comprises a filter which receives the digital data, extracts transport packets of a specific program based on the header information, and outputs the extracted transport packets;
said encryption work key generation unit extracts the header information of the transport packets extracted by said filter, and generates encryption work keys based on the extracted header information; and
said encryption unit encrypts the transport packets extracted by said filter.
8. The encryption/decryption system according to claim 7, wherein:
the header information includes PID header information containing information regarding a program number, and CC header information containing a cyclic count value which is changed in accordance with an order of transport packets to confirm continuation of transport packets; and
said encryption work key generation unit generates the encryption work keys based on at least the PID header information and the CC header information.
9. The encryption/decryption system according to claim 1, comprising an encryption range designation unit which designates a range of data that should be encrypted, and notifies the designated range to said encryption unit and said decryption unit.
10. The encryption/decryption system according to claim 1, comprising a range designation unit which designates a range used for generating the work key, and notifies the designated range to said encryption work key generation unit and said decryption work key generation unit.
11. The encryption/decryption system according to claim 1, wherein:
said encryption unit outputs the header information of the digital data as it is, encrypts the data body using the encryption work key and outputs the encrypted data body, and thereby generates encrypted data including the original header information and the encrypted data body; and
said decryption unit outputs the header information of the encrypted digital data as it is, decrypts the encrypted data body using the decryption work keys and outputs the decrypted data body, and thereby reproduces the original digital data.
12. An encryption system for encrypting digital data including header information and a data body, said system comprising:
an encryption work key generation unit which generates an encryption work key based on the header information of the digital data; and
an encryption unit which, as to the digital data, encrypts the data body using the encryption work key, and outputs the digital data.
13. The encryption system according to claim 12, wherein the digital data is data made up of a series of a plurality of data blocks each including header information and a data body, and the header information is unique to each data block,
said encryption work key generation unit generates an encryption work key for each data block based on the header information of the data block; and
said encryption unit encrypts the data body of each data block using the encryption work key generated for the data block.
14. The encryption system according to claim 12,
wherein said encryption work key generation unit generates the encryption work key using all or a part of the header information extracted from the digital data and a master key.
15. The encryption system according to claim 14, wherein the master key is unique to each said encryption system.
16. The encryption system according to claim 14, wherein said encryption work key generation unit generates the work keys by obtaining an exclusive or of the master key and the header information.
17. The encryption system according to claim 12, wherein:
the digital data is data made up of a series of data blocks each including header information and a data body;
said system further comprises a filter which receives the digital data, extracts data blocks of a specific program based on the header information, and outputs the extracted data blocks;
said encryption work key generation unit extracts the header information of the data block extracted by said filter, and generates the encryption work key based on the extracted header information; and
said encryption block encrypts the data block extracted by said filter.
18. The encryption system according to claim 12, wherein:
said digital data is data based on MPEG and made up of a series of transport packets each including header information and a payload;
said system further comprises a filter which receives the digital data, extracts transport packets of a specific program based on the header information, and outputs the extracted transport packets;
said encryption work key generation unit extracts the header information of the transport packets extracted by said filter, and generates encryption work keys based on the extracted header information; and
said encryption unit encrypts the transport packets extracted by said filter.
19. The encryption system according to claim 18, wherein:
the header information includes PID header information containing information regarding a program number, and CC header information containing a cyclic count value which is changed in accordance with an order of transport packets to confirm continuation of transport packets; and
said encryption work key generation unit generates the encryption work keys based on at least the PID header information and the CC header information.
20. The encryption system according to claim 12, comprising an encryption range designation unit which designates a range of data that should be encrypted, and notifies the designated range to said encryption unit.
21. The encryption system according to claim 12, comprising a range determination unit which designates a range used for generating the work key, and notifies the designated range to said encryption work key generation unit.
22. The encryption system according to claim 12, wherein said encryption unit simply outputs the header information of the digital data, outputs the data body by encrypting it using the encryption work keys, and thereby generates encrypted data including the original header information and the encrypted data body.
23. A decryption system for decrypting encrypted data of digital data including header information and a data body, comprising:
a decryption work key generation unit which generates a decryption work key based on the header information of the encrypted digital data; and
a decryption unit which, as to the encrypted digital data, decrypts the data body which is encrypted, using the decryption work key, in order to reproduce the digital data including the decrypted data body and the corresponding header information.
24. The decryption system according to claim 23, wherein the digital data is data made up of a series of a plurality of data blocks each including header information and a data body, and the header information is unique to each data block,
said decryption work key generation unit generates the decryption work key for each data block based on the header information of the encrypted data block; and
said decryption unit decrypts the encrypted data body of each data block using the decryption work key for the data block.
25. The decryption system according to claim 23, wherein said decryption work key generation unit generates the decryption work key using all or a part of the header information extracted from the encrypted digital data and a master key.
26. The decryption system according to claim 25, wherein the master key is unique to each said decryption system.
27. The decryption system according to claim 25, wherein said decryption work key generation unit generates the work keys by obtaining an exclusive or of the master key and the header information.
28. The decryption system according to claim 23, comprising a decryption range determination unit which designates a range of data that should be decrypted, and notifies the designated range to said decryption unit.
29. The decryption system according to claim 23, comprising a range determination unit which designates a range used for generating the work keys, and notifies the designated range to said decryption work key generation unit.
30. The decryption system according to claim 23, wherein said decryption unit outputs the header information of the encrypted digital data as it is, decrypts the encrypted data body using the decryption work keys and outputs the decrypted data body, and thereby reproduces the original digital data.
31. An encryption method of encrypting digital data including header information and a data body, said method comprising:
generating an encryption work key based on the header information of the digital data; and
encrypting, as to the digital data, the data body using the encryption work key, and outputting the digital data.
32. A computer program for controlling a computer to execute the method according to claim 31.
33. A decryption method of decrypting encrypted data of digital data including header information and a data body, said method comprising:
generating a decryption work key based on the header information of the encrypted digital data; and
decrypting, as to the encrypted digital data, the data body which is encrypted using the decryption work key, in order to reproduce the digital data including the decrypted data body and the corresponding header information.
34. A computer program for controlling a computer to execute the method according to claim 33.
US10/431,615 2002-05-09 2003-05-08 Encryption/decryption system and encryption/decryption method Abandoned US20030212886A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2002-134170 2002-05-09
JP2002134170A JP2003333024A (en) 2002-05-09 2002-05-09 Encryption/decryption system and its deciphering prevention/tampering proof method

Publications (1)

Publication Number Publication Date
US20030212886A1 true US20030212886A1 (en) 2003-11-13

Family

ID=29244174

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/431,615 Abandoned US20030212886A1 (en) 2002-05-09 2003-05-08 Encryption/decryption system and encryption/decryption method

Country Status (7)

Country Link
US (1) US20030212886A1 (en)
EP (1) EP1361692A3 (en)
JP (1) JP2003333024A (en)
KR (1) KR100579673B1 (en)
CN (1) CN1324831C (en)
HK (1) HK1059997A1 (en)
TW (1) TWI246296B (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030149883A1 (en) * 2002-02-01 2003-08-07 Hopkins Dale W. Cryptographic key setup in queued cryptographic systems
US20050154912A1 (en) * 2004-01-09 2005-07-14 Samsung Electronics Co., Ltd. Firmware encrypting and decrypting method and an apparatus using the same
US20070001877A1 (en) * 2005-06-30 2007-01-04 Takeshi Kumagaya Information processing apparatus and decoding control method
US20070201693A1 (en) * 2006-02-28 2007-08-30 Katsuya Ohno Information processing apparatus and information processing method performing decoding or encryption
US20070300062A1 (en) * 2006-06-27 2007-12-27 Osmond Roger F Identifying and enforcing strict file confidentiality in the presence of system and storage administrators in a nas system
US20070300081A1 (en) * 2006-06-27 2007-12-27 Osmond Roger F Achieving strong cryptographic correlation between higher level semantic units and lower level components in a secure data storage system
US20080104417A1 (en) * 2006-10-25 2008-05-01 Nachtigall Ernest H System and method for file encryption and decryption
US20120236347A1 (en) * 2011-03-15 2012-09-20 Canon Kabushiki Kaisha Information processing apparatus, method for controlling information processing apparatus, and program
US20130028417A1 (en) * 2006-05-15 2013-01-31 Scientific-Atlanta, Llc System and Method for Dynamically Allocating Stream Identifiers in a Multi-Encryption Transport System
US8782803B2 (en) 2010-04-14 2014-07-15 Legitmix, Inc. System and method of encrypting a derivative work using a cipher created from its source
US8826023B1 (en) * 2006-06-30 2014-09-02 Symantec Operating Corporation System and method for securing access to hash-based storage systems
US8925102B2 (en) 2010-10-14 2014-12-30 Legitmix, Inc. System and method of generating encryption/decryption keys and encrypting/decrypting a derivative work
US20150288512A1 (en) * 2006-01-27 2015-10-08 Trustwave Holdings, Inc. Methods for cryptographic delegation and enforcement of dynamic access to stored data
US20230126908A1 (en) * 2021-10-27 2023-04-27 International Business Machines Corporation Protection against executing injected malicious code
US11716201B2 (en) * 2018-05-21 2023-08-01 Assa Abloy Ab System and method for maintaining usage records in a shared computing environment

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG144772A1 (en) * 2007-01-26 2008-08-28 Victor Company Of Japan Encryption and decryption methods and apparatus
US7936873B2 (en) 2007-05-07 2011-05-03 Apple Inc. Secure distribution of content using decryption keys
EP2146504A1 (en) * 2008-07-18 2010-01-20 Thomson Licensing, Inc. Method and device for key generation
TWI386832B (en) * 2008-11-21 2013-02-21 Htc Corp Portable communication device and controlling method thereof
CN102957541B (en) * 2012-11-21 2016-11-16 浪潮集团有限公司 A kind of cipher encrypting method based on SAAS
CN104717053B (en) * 2013-12-11 2018-08-07 晨星半导体股份有限公司 Data deciphering circuit and method
CN103716157B (en) * 2013-12-13 2017-01-25 厦门市美亚柏科信息股份有限公司 Grouped multiple-key encryption method and grouped multiple-key encryption device
KR101513833B1 (en) * 2014-04-07 2015-04-22 (주)스마일게이트엔터테인먼트 Method and system for securing hacking detection module
CN107317679B (en) * 2017-06-05 2020-01-31 国政通科技股份有限公司 Method and system for preventing fraud after identity cards are lost
CN107172436B (en) * 2017-06-09 2019-11-26 国政通科技股份有限公司 A kind of method and system of ID card information transmission protection
CN110505240A (en) * 2019-09-12 2019-11-26 山东浪潮人工智能研究院有限公司 One kind being based on server and client side's communication protocol implementation method

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4941176A (en) * 1988-08-11 1990-07-10 International Business Machines Corporation Secure management of keys using control vectors
US6044155A (en) * 1997-06-30 2000-03-28 Microsoft Corporation Method and system for securely archiving core data secrets
US6167136A (en) * 1997-05-16 2000-12-26 Software Security, Inc. Method for preventing copying of digital video disks
US6167513A (en) * 1996-11-01 2000-12-26 Kabushiki Kaisha Toshiba Mobile computing scheme using encryption and authentication processing based on mobile computer location and network operating policy
US20010042124A1 (en) * 2000-03-27 2001-11-15 Barron Robert H. Web-based method, apparatus, and system for secure data storage
US6343281B1 (en) * 1997-07-11 2002-01-29 Kabushiki Kaisha Toshiba Device and method for preventing fraudulent copies of data containing encrypted copy-management information and recording medium
US6373948B1 (en) * 1997-08-15 2002-04-16 Lucent Technologies Inc. Cryptographic method and apparatus for restricting access to transmitted programming content using program identifiers
US6460137B1 (en) * 1995-06-02 2002-10-01 Fujitsu Limited Encryption processing system
US6959090B1 (en) * 2000-11-20 2005-10-25 Nokia Corporation Content Protection scheme for a digital recording device
US7065213B2 (en) * 2001-06-29 2006-06-20 Scientific-Atlanta, Inc. In a subscriber network receiving digital packets and transmitting digital packets below a predetermined maximum bit rate
US7233669B2 (en) * 2002-01-02 2007-06-19 Sony Corporation Selective encryption to enable multiple decryption keys
US7275158B2 (en) * 2000-11-21 2007-09-25 Fujitsu Limited Home server including a proxy facility, for executing an authentication and an encryption process instead of a user terminal, in an electronic commercial transaction

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5268962A (en) * 1992-07-21 1993-12-07 Digital Equipment Corporation Computer network with modified host-to-host encryption keys
CA2146472C (en) * 1994-04-22 2007-10-09 Kevin Elliott Bridgewater Packet video signal inverse transport processor with memory address circuitry
FI102936B (en) * 1996-03-04 1999-03-15 Nokia Telecommunications Oy Improving security of packet transmission in a mobile communication system
EP0994598B1 (en) * 1998-10-12 2004-12-29 SGS-THOMSON MICROELECTRONICS S.r.l. Cryptography method and station for packet switching networks based on digital chaotic models
KR100601634B1 (en) * 2000-06-07 2006-07-14 삼성전자주식회사 High speed copy protection method

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030149883A1 (en) * 2002-02-01 2003-08-07 Hopkins Dale W. Cryptographic key setup in queued cryptographic systems
US7318160B2 (en) * 2002-02-01 2008-01-08 Hewlett-Packard Development Company, L.P. Cryptographic key setup in queued cryptographic systems
US20050154912A1 (en) * 2004-01-09 2005-07-14 Samsung Electronics Co., Ltd. Firmware encrypting and decrypting method and an apparatus using the same
US7929692B2 (en) * 2004-01-09 2011-04-19 Samsung Electronics Co., Ltd. Firmware encrypting and decrypting method and an apparatus using the same
US20070001877A1 (en) * 2005-06-30 2007-01-04 Takeshi Kumagaya Information processing apparatus and decoding control method
US9992014B2 (en) 2006-01-27 2018-06-05 Trustwave Holdings, Inc. Methods for cryptographic delegation and enforcement of dynamic access to stored data
US9559837B2 (en) * 2006-01-27 2017-01-31 Trustwave Holdings, Inc. Methods for cryptographic delegation and enforcement of dynamic access to stored data
US20150288512A1 (en) * 2006-01-27 2015-10-08 Trustwave Holdings, Inc. Methods for cryptographic delegation and enforcement of dynamic access to stored data
US20070201693A1 (en) * 2006-02-28 2007-08-30 Katsuya Ohno Information processing apparatus and information processing method performing decoding or encryption
US20130028417A1 (en) * 2006-05-15 2013-01-31 Scientific-Atlanta, Llc System and Method for Dynamically Allocating Stream Identifiers in a Multi-Encryption Transport System
US20150195260A1 (en) * 2006-05-15 2015-07-09 Cisco Technology, Inc. System and Method for Dynamically Allocating Stream Identifiers in a Multi-Encryption Transport System
US9444799B2 (en) * 2006-05-15 2016-09-13 Cisco Technology, Inc. System and method for dynamically allocating stream identifiers in a multi-encryption transport system
US9002008B2 (en) * 2006-05-15 2015-04-07 Cisco Technology, Inc. System and method for dynamically allocating stream identifiers in a multi-encryption transport system
US20070300062A1 (en) * 2006-06-27 2007-12-27 Osmond Roger F Identifying and enforcing strict file confidentiality in the presence of system and storage administrators in a nas system
US8176319B2 (en) * 2006-06-27 2012-05-08 Emc Corporation Identifying and enforcing strict file confidentiality in the presence of system and storage administrators in a NAS system
US20070300081A1 (en) * 2006-06-27 2007-12-27 Osmond Roger F Achieving strong cryptographic correlation between higher level semantic units and lower level components in a secure data storage system
US8185751B2 (en) * 2006-06-27 2012-05-22 Emc Corporation Achieving strong cryptographic correlation between higher level semantic units and lower level components in a secure data storage system
US8826023B1 (en) * 2006-06-30 2014-09-02 Symantec Operating Corporation System and method for securing access to hash-based storage systems
US20080104417A1 (en) * 2006-10-25 2008-05-01 Nachtigall Ernest H System and method for file encryption and decryption
US8782803B2 (en) 2010-04-14 2014-07-15 Legitmix, Inc. System and method of encrypting a derivative work using a cipher created from its source
US8925102B2 (en) 2010-10-14 2014-12-30 Legitmix, Inc. System and method of generating encryption/decryption keys and encrypting/decrypting a derivative work
US9030680B2 (en) * 2011-03-15 2015-05-12 Canon Kabushiki Kaisha Information processing apparatus, method for controlling information processing apparatus, and program
US20120236347A1 (en) * 2011-03-15 2012-09-20 Canon Kabushiki Kaisha Information processing apparatus, method for controlling information processing apparatus, and program
US11716201B2 (en) * 2018-05-21 2023-08-01 Assa Abloy Ab System and method for maintaining usage records in a shared computing environment
US20230126908A1 (en) * 2021-10-27 2023-04-27 International Business Machines Corporation Protection against executing injected malicious code

Also Published As

Publication number Publication date
EP1361692A3 (en) 2004-01-02
KR100579673B1 (en) 2006-05-15
CN1457166A (en) 2003-11-19
JP2003333024A (en) 2003-11-21
KR20030087980A (en) 2003-11-15
HK1059997A1 (en) 2004-07-23
EP1361692A2 (en) 2003-11-12
TW200308162A (en) 2003-12-16
TWI246296B (en) 2005-12-21
CN1324831C (en) 2007-07-04

Similar Documents

Publication Publication Date Title
US20030212886A1 (en) Encryption/decryption system and encryption/decryption method
US6975730B1 (en) Method and apparatus for contents information
KR100533225B1 (en) A method and a system for transferring information using an encryption mode indicator
US7660414B2 (en) Encryption/decryption method and authentication method using multiple-affine key system
EP2040411B1 (en) Terminal device, server device, and content distribution system
US20030051151A1 (en) Information processing apparatus, information processing method and program
EP1612988A1 (en) Apparatus and/or method for encryption and/or decryption for multimedia data
US8225090B2 (en) Method and apparatus for inserting authentication code, and method and apparatus for using data through authentication
EP1120934B1 (en) Method and apparatus for key distribution using a key base
EP1526698A2 (en) Data transmission method and data transmission apparatus
US8737611B2 (en) Encryption device and medium, decryption device and method, data delivery device, data receiving device, and data delivery system
US20090238368A1 (en) Key distribution system
JP2003318874A (en) Contents copyright protection device and its program and method
EP1418700B1 (en) Method and device for communicating encrypted asynchronous and synchronous packets
JP2008278416A (en) Apparatuses, methods, and programs for data encryption processing and data decryption processing, and integrated circuit
KR100608573B1 (en) Apparatus and System for Data Copy Protection and Method therefor
US20010014155A1 (en) Method and apparatus for decrypting contents information
JPH10293725A (en) External storage device, ciphering unit device, decoding unit device, ciphering system, decoding system, ciphering method and decoding method
US20040252973A1 (en) System and method for audio/video data copy protection
JP2001211159A (en) Method and device for decipehring contents information
JP3603415B2 (en) Data encryption system
JP3846148B2 (en) Content information decoding method and content information decoding apparatus
JP2003169092A (en) Encryption device and decryption device
JP2007294093A (en) Digital signal recording apparatus, reproducing apparatus, and recording medium
JP2004320708A (en) Av stream transmission system

Legal Events

Date Code Title Description
AS Assignment

Owner name: NEC CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SUGIURA, ATSUKO;REEL/FRAME:014262/0921

Effective date: 20030502

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION